PONEMON 2014 SSH SECURITY VULNERABILITY REPORT

May 22, 2014


KEY FINDINGS

Unprotected SSH cryptographic keys make nearly every enterprise server, virtual machine and cloud
service vulnerable to cyber attacks. Key Ponemon research findings include:

  • Three out of four enterprises have no security controls for SSH, which can give cyber attackers root access

  • Over half of enterprises acknowledge that their organizations have already experienced an SSH key-related compromise

  • Yet 46% of enterprises do not rotate or change SSH keys, even though SSH keys never expire, which makes this a perpetual vulnerability

EXECUTIVE SUMMARY

Global organizations are under attack, and the attackers are more dangerous and persistent than ever.
Armed with a litany of next-generation cybercrime tools, they’re vastly different from yesteryear’s
hackers and better enabled with targeted and persistent tools. While the motivations vary, the goal of
today’s cybercriminal and nation-state attacker is to become and remain trusted on the targeted network in
order to gain full access to sensitive, regulated and valuable data and intellectual property, and
circumvent all existing controls.

Enterprises are increasingly turning to “next-generation” cybersecurity controls to detect advanced
attacks, safeguard sensitive data and IP, and reduce the risk of compliance violations and data breaches.
While the trend to deploy bigger, better and smarter end user devices and lower-cost, scalable software,
and virtualized hardware continues, the basic technology building blocks of network trust remain firmly
rooted within virtually all....









© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023