This hole in enterprise security has not gone unnoticed. The recently uncovered Mask operation steals SSH keys to impersonate, surveil, collect, and decrypt its targets’ communications and data. If SSH keys are not replaced after intrusions like The Mask attacks, enterprise networks remain owned by the attackers.
The Ponemon research also found that 60% of organizations could not detect rogue SSH keys on their networks since system administrators self-police SSH keys using manual processes.
“Frequently, we look at a wide range of different IT security issues that impact global organizations. This study stands out as it reveals the damage that a single, unprotected SSH key can cause,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Although SSH keys are an IT security technology, they are often left unchecked in the hands of a wide-range of administrators that are not, in theory or practice, IT security experts. This dirty little secret, revealed by the survey, is further evidence that root access to the world’s most sensitive data is widely available and largely unprotected, leaving many organizations open to perpetual cyberattacks and compromises.”
“CEOs, CIOs, CISOs and other IT security executives are tolerant to the point of insanity when it comes to controlling, protecting and detecting SSH, the most widely used security and authentication technology between administrators, servers, and clouds,” said Venafi CEO Jeff Hudson.
“This is a dangerous situation, akin to giving the foxes the keys to the hen houses. They have allowed SSH security to spin out of control, which in fact places their organizations in jeopardy. The total inability to respond to a breach by rotating all SSH keys means CISOs should be investing more in bulldozers for their data centers than firewalls,” Hudson added.