News & Comment: Why is the Daily Mail’s site ‘not secure’?

NEWS: BBC News today reported that the new Chrome 68 browser has resulted in high-profile websites displaying “Not Secure” warnings to visitors because the websites aren’t secured with HTTPS: Chrome

COMMENT: Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, explained:

“As expected, several high-profile websites now greet Chrome users with a ‘Not Secure’ warning from today. Understandably, this might create some confusion and concern – but people shouldn’t worry, it’s actually a sign that the internet as a whole is becoming more secure.

The fact is, websites should be secure as a matter of course; it’s only right that Google is warning against sites that do not use HTTPS because these sites expose users to risk. Ultimately, this change will pressure businesses to step up their game and improve security across the internet. This can only be a good thing.

However, as we’ve seen from the depreciation of SHA-1 certificates, organizations are typically slow to react to warnings of this kind and can often underestimate the task at hand. Many organizations do not properly track the certificates necessary to implement HTTPS – they have thousands of certificates that they are unaware of. Just the task of discovering these and making sure they are upgraded to HTTPS will be a big task and, if done manually, there are likely to be gaps which are likely to cause disruption to customers and business processes.”