IT World explores how most cyber security professionals forget, or flat out do not know how, to change encryption keys after a network breach:

However, many companies don’t have systems in place to track all of the keys and certificates, or to replace them with new ones when needed.

Only 43 percent of survey respondents said that they were using a key management system and 14 percent said they were using a manual process. Of the rest, 16 percent said that they didn’t know, and 22 percent said it was someone else’s responsibility.

In addition, 38 percent of respondents said that they didn’t know how to detect compromised keys or certificates.

PKI is a tough nut to crack, and not a lot of system administrators, much less cyber security professionals, have experience with these types of tasks. The results of this survey are not surprising.

These cyber security professionals need to be educated on the right things to do with encryption keys and certificates, both during and after a compromise.