{"id":8226,"date":"2018-12-21T14:22:48","date_gmt":"2018-12-21T19:22:48","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=8226"},"modified":"2018-12-21T16:28:19","modified_gmt":"2018-12-21T21:28:19","slug":"2018-was-a-busy-year-for-ssl-tls","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/2018-was-a-busy-year-for-ssl-tls\/","title":{"rendered":"2018 was a busy year for SSL\/TLS"},"content":{"rendered":"<h2>Here\u2019s why you shouldn\u2019t expect it to slow down in the new year.<\/h2>\n<p>The SSL industry has seen a lot of changes, especially this past year. As the door on 2018 gets ready to close, we wanted to take this opportunity to recap where we\u2019ve been, the current state of the market and what we expect to come down the pike in 2019.<span id=\"newline\"><\/span><\/p>\n<h2><strong>SSL was anything but boring in 2018<\/strong><\/h2>\n<p>Browser UIs evolved. Again. Not secure warnings hit the net. GDPR went into effect. Comodo CA re-branded as Sectigo. 2018 saw plenty of SSL-related action and we had a front row seat.<\/p>\n<h2><strong>HTTPS is gaining traction <\/strong><\/h2>\n<p>No doubt about it, the web is becoming more and more encrypted by the day. Articles abound that confirm that the browser\u2019s push for total encryption is becoming a reality. In his November Trend Briefing, DigiCert\u2019s Threat Strategist Jeff Barto shared that more than 80% of page loads in Chrome and 70% in Android are now over HTTPS. While that\u2019s impressive, there\u2019s still plenty that need to make the move, according to <a href=\"https:\/\/www.thesslstore.com\/blog\/nearly-21-of-the-worlds-top-100000-websites-still-arent-using-https\/\">our recent blog post<\/a>, roughly 21% of the world\u2019s top 100K sites still aren\u2019t using encrypted connections.<\/p>\n<h2><strong>The SSL market continues to grow<\/strong><\/h2>\n<p>Netcraft\u2019s June 2018 report confirms significant growth in SSL certificates. Specifically, total certificates increased more than 13.2 million or 68% year-over-year from June 2017. And, while 80% of this growth was Domain Validation (DV) certs, Extended Validation (EV) grew 21.1%.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8230\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Cert-Type.png\" alt=\"2018 SSL recap\" width=\"900\" height=\"525\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Cert-Type.png 900w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Cert-Type-300x175.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Cert-Type-768x448.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><em>Source: Netcraft June 2018 Report<\/em><\/p>\n<p>So, while DV still dominates the market share, there\u2019s also a definite place for premium certificates. Especially when you look at the share of traffic by certificate type.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8229\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Traffic-Share.png\" alt=\"2018 SSL recap\" width=\"900\" height=\"525\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Traffic-Share.png 900w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Traffic-Share-300x175.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Traffic-Share-768x448.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><em>Source: Comscore and Netcraft<\/em><\/p>\n<p>The percentages even out even more when you look at ecommerce transactions.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8228\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/eCommerce.png\" alt=\"2018 SSL recap\" width=\"900\" height=\"525\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/eCommerce.png 900w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/eCommerce-300x175.png 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/eCommerce-768x448.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><em>Source: Comscore and Netcraft<\/em><\/p>\n<h2><strong>A peek at 2019<\/strong><\/h2>\n<p>Forecasts are mostly positive for SSL as we look ahead to 2019. Let\u2019s look at what a few industry experts are predicting.<\/p>\n<p>According to the CA Security Council\u2019s 2019 Predictions:<\/p>\n<ul>\n<li><em>More than 90% of the world\u2019s traffic will be secured over SSL\/TLS by the end of 2019 <\/em><\/li>\n<li><em>TLS 1.3 will grow by more than 30% by the end of 2019<\/em><\/li>\n<li><em>Phishing (especially encrypted phishing) will continue to skyrocket<\/em><\/li>\n<\/ul>\n<figure id=\"attachment_8166\" aria-describedby=\"caption-attachment-8166\" style=\"width: 300px\" class=\"wp-caption alignright\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-8166\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Jeff-Barto.jpg\" alt=\"Jeff Barto\" width=\"300\" height=\"300\" \/><figcaption id=\"caption-attachment-8166\" class=\"wp-caption-text\">Jeff Barto, DigiCert<\/figcaption><\/figure>\n<p>And, here\u2019s what DigiCert\u2019s Threat Strategist Jeff Barto sees on the horizon:<\/p>\n<ul>\n<li>2019 will be the year we\u2019re going to wake up and demand to know that who we\u2019re connecting to is a legit company<\/li>\n<li>Inconsistent trust indicators present both challenges and an opportunity to re-define what they can do and mean, and create new ones<\/li>\n<li>This will be the year people get sick and tired of breaches, driving them to take control and take steps to protect their identity<\/li>\n<\/ul>\n<p>Here\u2019s what we see at The SSL Store<sup>&#x2122;<\/sup>.<\/p>\n<h2><strong>SSL isn\u2019t going anywhere but up<\/strong><\/h2>\n<p>Industry reports support our position that SSL will continue to be an increasingly important staple of every organization\u2019s security budget. The 2018 IDG Security Priorities Study supports the notion that companies are moving toward a more proactive stance, with 74% of respondents reporting that best practices and compliance are key factors that drive their security spending. And, the SSL market overall is predicted to grow at nearly twice the rate of web hosting or domain registration.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-8227\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Forecast.png\" alt=\"2018 SSL recap\" width=\"469\" height=\"262\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Forecast.png 469w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Forecast-300x168.png 300w\" sizes=\"auto, (max-width: 469px) 100vw, 469px\" \/><\/p>\n<p>So, how does an IT manager or advisor help the powers that be understand that SSL needs to be an essential part of their security strategy?<\/p>\n<h2><strong>The SSL conversation needs to be about way more than encryption<\/strong><\/h2>\n<p>The browser UI changes have certainly had a huge impact on SSL market growth. But that\u2019s not the only thing driving the increasing need for SSL certificates. Here are a few other factors companies need to equally consider when contemplating if they should protect their data, customers and reputation with SSL and which type of certificate to choose.<\/p>\n<p><strong>Phishing<\/strong>\u2014According to PhishLabs Q3 2018 report, nearly half (49%) of phishing sites are duping visitors into believing they\u2019re safe by enabling HTTPS with DV certificates. And, secure and safe are definitely not the same thing as we pointed out in <a href=\"https:\/\/www.thesslstore.com\/blog\/https-phishing-green-padlock\/\">our November 27 blog post<\/a>. This might explain the steady bump in premium certs as organizations increasingly choose to separate themselves from the phish pond.<\/p>\n<p><a href=\"https:\/\/www.thesslstore.com\/blog\/nearly-21-of-the-worlds-top-100000-websites-still-arent-using-https\/\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-8233 size-full\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Stat-Callout-1-e1545421201582.jpg\" alt=\"2018 SSL recap\" width=\"579\" height=\"62\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Stat-Callout-1-e1545421201582.jpg 579w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/Stat-Callout-1-e1545421201582-300x32.jpg 300w\" sizes=\"auto, (max-width: 579px) 100vw, 579px\" \/><\/a><\/p>\n<p><strong>PCI Compliance<\/strong>\u2014PCI compliance is a necessary evil of running a business that accepts credit cards and SSL certificates play an important role in meeting these requirements. Here are a few SSL-related issues that can cause a \u201cfail\u201d on a PCI compliance scan if they\u2019re not resolved:<\/p>\n<ul>\n<li>Using expired SSL certificates<\/li>\n<li>Using non-publicly trusted SSL certificates in the wrong areas<\/li>\n<li>Using lower than 256-bit encryption<\/li>\n<li><a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/tls-dead-live\/\">Using outdated TLS protocol<\/a><\/li>\n<\/ul>\n<p>Failing a PCI compliance audit could result in hefty monthly fines in the tens, to hundreds of thousands, possible suspension of a company\u2019s ability to handle card payments, plus leaves them more vulnerable to cyberattacks.<\/p>\n<p><strong>GDPR<\/strong>\u2014These new regulations took effect May 25 of this year and Gartner predicts more than 50% of companies affected still won\u2019t be in full compliance by the end of 2018. Breach penalties are steep at \u20ac20 million or 4% of annual turnover, whichever is higher. Just to put this into perspective, this would equate to $7 billion for Amazon, more than two years of profit. Plus, there may be additional fines based on the type of breach, data exposed, notification, remediation and response. And, this doesn\u2019t include irreparable damage to reputation or costs associated with insurance, legal fees and settlements. Beyond the regulation itself and possible fines, there are other considerations, including companies with partners that want to be GDPR compliant and require them to follow suit. Last, but not least, there\u2019s plain old customer trust and expectations for companies to treat their information with kid gloves. And, some of the requirements in the 99-article GDPR can only be accomplished with SSL certificates.<\/p>\n<p>One last note about compliance. Companies are, in fact, taking it seriously and backing it with budgets according to the 2018 IDG Security Priorities Study that reports 69% of companies see compliance mandates driving spending.<\/p>\n<p><em><strong>RELATED:<\/strong> <a href=\"https:\/\/www.thesslstore.com\/blog\/preparing-gdpr-introduction-1\/\">The Hashed Out GDPR Compliance Series<\/a><\/em><\/p>\n<p><strong><img decoding=\"async\" class=\"alignright wp-image-6389\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/05\/TSS-Hashedout-Blog-Graphic-10.svg\" alt=\"Ten of the biggest data breaches in recent history\" width=\"300\" \/>Data Breaches<\/strong>\u2014Almost a day doesn\u2019t go by without reports of a massive data breach. Adidas (two million records compromised), Facebook (up to two billion accounts scraped)\u2014the list goes on. And, it\u2019s not just the mega brands. According to the 2018 Global Threat Report, 71% of companies report suffering at least one data breach.<\/p>\n<p>Gemalto\u2019s Breach Level Index tracks activity and reported the first six months of 2018 saw 945 reported data breaches involving 4.5 billion records. That&#8217;s 291 records stolen or exposed every second. And, a mere 1% were encrypted. In fact, Verizon\u2019s Data Breach Investigation Report cites lack of encryption and security when handling confidential information among the top most common causes of breaches. If you suffered a breach, wouldn\u2019t you at least want to make sure your company and customer data couldn\u2019t be decrypted by evil doers?<\/p>\n<p>Companies need to ensure that they have implemented best practice encryption to protect data at rest (when it&#8217;s on the server) and in transit (while it&#8217;s on the way to\/from the user). SSL certificates have been the de facto encryption and authentication standard for protecting data in-transit for more than 30 years. Simply put, not having an SSL certificate increases your risk of a data breach.<\/p>\n<p><strong>Man-in-the-Middle Attacks<\/strong>\u2014In case you missed it, our Hashed Out Editor-in-Chief Patrick Nohe recently took a <a href=\"https:\/\/www.thesslstore.com\/blog\/man-in-the-middle-attack-2\/\">deeper dive into MITM attacks<\/a> and there\u2019s a lot more to it than meets the simple internet connection. Detecting MITM attacks is difficult, so prevention is the key. And, once again, the only real way to prevent a MITM attack is with SSL\/TLS encryption and HTTPS. Let me rephrase that\u2014it won\u2019t necessarily stop the attack, but it renders the intercepted data useless and, therefore, secure.<\/p>\n<h2>The SSL future looks bright<\/h2>\n<p>There\u2019s certainly no lack of talking points around why every organization needs SSL\/TLS certificates. Hopefully we\u2019ve given you some insights to help you make 2019 the year you put SSL in the spotlight.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here\u2019s why you shouldn\u2019t expect it to slow down in the new year. The SSL industry has seen a lot of changes, especially this past year. As the door on&#8230;<\/p>\n","protected":false},"author":16,"featured_media":8234,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[17],"tags":[9603],"class_list":["post-8226","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-industry-lowdown","tag-resellers","post-with-tags"],"views":15033,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/12\/bigstock-New-Year-Is-Coming-Concep-264347098.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/8226","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=8226"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/8226\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/8234"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=8226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=8226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=8226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}