Why hackers are targeting CAs - and what you can do about it

Probably the most disturbing data breaches of 2011 involved security companies themselves coming under determined and sustained attacks. RSA and DigiNotar both fell victim to hackers, sending shockwaves through the security community.

Only weeks into the new year, we have had the belated announcement that VeriSign – another trusted third-party certificate authority (CA) – was hacked and had data breached. These organisations know that they are high-value targets and take extraordinary measures to protect themselves, and yet they are still successfully attacked and breached despite these best efforts.

If companies that pride themselves on providing the most advanced and sophisticated network security solutions can't protect themselves, how can they look after us? DigiNotar was so seriously damaged that it went out of business, an unprecedented event in the IT security industry.