Unprotected SSH cryptographic keys make nearly every enterprise server, virtual machine and cloud
service vulnerable to cyber attacks. Key Ponemon research findings include:

  • Three out of four enterprises have no security controls for SSH that provides cyber attackers root access

  • Over half of enterprises acknowledge that their organizations have already experienced an SSH key-related compromise

  • Yet 46% of enterprises do not rotate or change SSH keys, in spite of the fact that SSH keys never expire, which means this represents a perpetual vulnerability


Global organizations are under attack, and the attackers are more dangerous and persistent than ever.
Armed with a litany of next-generation cybercrime tools, they’re vastly different from yester-year
hackers and better enabled with targeted and persistent tools. While the motivations vary, the goal of
today’s cybercriminal and nation-state attacker is to become and remain trusted on targeted network in
order to gain full access to sensitive, regulated and valuable data and intellectual property, and
circumvent all existing controls.

Enterprises are increasingly turning to “next-generation” cybersecurity controls to detect advanced
attacks, safeguard sensitive data and IP, and reduce the risk of compliance violations and data breaches.
While the trend to deploy bigger, better and smarter end user devices and lower-cost, scalable software,
and virtualized hardware continues, the basic technology building blocks of network trust remain firmly
rooted within virtually all Global 2000 organizations.

Research findings in this report reveal that enterprises are dependent and rely heavily on the Secure
Shell cryptographic protocol (SSH) to ensure online trust and to protect valuable information, just as
they should. When used correctly, SSH is a solid IT security protocol that keeps an organization’s virtual
security doors firmly locked and accessible by only the appropriate networked systems and users.
Unfortunately, when left unprotected—through lack of visibility and controls—this security technology
can be misused by malicious insiders and other cybercriminals, allowing them to authenticate into
systems, servers and databases. The use of SSH keys provides adversaries with privileged and root
status, which allows unfettered access to systems and data.

The research also found that most respondents have no way to control, account for, or protect the
thousands of SSH keys in use within their IT environments. A finding proving that the lessons learned
from Edward Snowden’s attack on the NSA, where SSH keys provided undetected access that allowed
him to steal droves of classified documents, has changed little within Global 2000 organization’s policies,
procedures or controls for unprotected SSH keys.

September 2, 2014
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023