Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha

Ecuador’s largest private bank Banco Pichincha recently suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline. The bank had to shut down portions of their network to prevent the attack’s spread to other systems. The attack had a cascading effect with the shutdown of systems leading to non-functional ATMs, and the online banking portals displaying maintenance messages.

There has been a rapid increase in ransomware attacks over the past few years. According to Forbes, “Despite all the warnings and high-profile breaches, the state of readiness for most when it comes to cybersecurity is dismal. The need for better cyber-hygiene is evident from using stronger passwords, patching software, employing multi-factor authentication, and many other important security steps.”

2022 Ponemon Report: The State of Certificate Lifecycle Management in Global Organizations

The number of machines has surpassed the number of humans. With the growing number of machines talking to each other even on the go, the need for securing communication is paramount. Asymmetric key cryptography is a widely used practice for securing data in transit. Digital certificates are the way to establish and extend trust during communication. These certificates are used as identities for machines and are provided by certificate authorities (CAs).

As requirement for certificates grows – especially certificates that need to be trusted within the organization, enterprises have to set up their internal public key infrastructure (PKI)  so that private CAs can be created internally.

Technically creating a CA and signing a certificate is very simple. If it is being done for local testing, anybody can sign the certificate without much effort. However, when the certificates provided by CA’s are used in production, there is more to it.

Gain complete visibility into your certificate infrastructure

Digital certificates, which serve as virtual identities for both hardware and software entities connected to the internet, can make or break a network system simply by its virtue of rendering systems online and safe to other entities that wish to communicate with it.

PKI is a framework that enables the encryption of public keys and includes their affiliated crypto-mechanisms. The purpose of any PKI setup is to manage keys and certificates associated with it, thereby creating a highly secure network environment for use by applications and hardware.

X.509 certificates and public keys form the cornerstone of PKI, acting as the mechanism through which cryptography can be established for an endpoint. PKI may refer to any software, policy, process, or procedure employed while configuring and managing those certificates and keys.

Is there a smart and simple approach to PKI management?

Setting up and scaling enterprise PKI is costly because of the upfront requirement of compute resources and security experts and continuous tedious operations and upgrade needs.

Organizations need to invest in a PKI management system that simplifies CA infrastructure and infuses complete certificate lifecycle management (CLM) functionality with end-to-end automation. The solution should be highly scalable and easy to provision in the absence of complex hardware or software infrastructure to set up and maintain.

With robust support for multiple deployment environments, a highly secure PKI management system with advanced and secure storage devices will protect keys and certificates from getting compromised.

What are some of the best practices for PKI management?

Establishing and managing an ideal PKI system would involve an impeccably managed infrastructure that includes certificates and keys, CAs, hardware security modules (HSM)s, associated DevOps, ITSM, identity and access management (IAM) tools, and a lot more. However, let’s look at some of the best practices for PKI management.

Maintain a certificate inventoryEnsure that every certificate – currently in use, discarded, or revoked is tracked in a centralized inventory system.

Protect private keysUse HSM’s that meet compliance requirements (FIPS 140-2) to store keys and secure vaults to store passwords. Ensure automated rotation of private keys from within the HSM to prevent manual handling.

Use certificates issued by trusted CAFor external use, purchase certificates issued by globally trusted CA’s instead of self-signed certificates. Using such certificates on external-facing applications or endpoints makes these endpoints highly vulnerable to misuse.

Rotate keysRotate SSH keys frequently since they are password-based and can be compromised easily.

Establish policyCreate and enforce PKI management policies with regard to role-based access to crypto-assets, certificate renewal durations, and PKI audit trails. By creating transparency and clearly defined rules, the chances of mismanagement-induced vulnerabilities are lowered, and errors, if any, can be easily tracked and remediated.

Practice crypto-agilityInfuse PKI with a system of control that allows for accelerated manipulation of its constituent systems. This includes the ability to quickly rotate certificates, expedite the enrollment/renewal/revocation process with CAs, and rapidly switch out outdated algorithms and protocols with new ones.

Essentially, every PKI needs to be paired with a certificate management system, and this managed PKI system needs to be:

  • scalable
  • crypto-agile
  • compatible with cybersecurity tools
  • flexible enough to adapt to infrastructure changes

AppViewX can help

AppViewX’s certificate lifecycle automation is a one-stop solution for automated discovery, expiration alerting, renewal, secure provisioning, and revoking of SSL/TLS certificates with granular role-based access regulation across multi-vendor infrastructures. It arms security operations and PKI teams with the critical insights needed to avoid unwanted outages and other issues associated with non-compliant certificates.

Let’s get you started on your certificate automation journey


  • certificate lifecycle management
  • SSL Certificate Lifecycle Management

About the Author

Sanchita Chakraborti

Director, Product Marketing – AppViewX CERT+

Sanchita is a Product Marketer responsible for understanding the industry landscape, buyer personas, their pain points and translating them into compelling value propositions and messaging.

More From the Author →

Related Articles

Replace Your Microsoft Certificate Authority (CA) With AppViewX PKI-as-a-Service

| 6 Min Read

4 Reasons Why Enterprises Should Adopt PKI-as-a-Service

| 4 Min Read

Staying Ahead Of Cyber Threats And Data Privacy Challenges In Financial Services

| 5 Min Read