Security News > 2020 > February > Mismanagement of Device Identities Could Cost Businesses Billions: Report
Specification of the part played by SSH abuse within a breach report is rare despite compromised machine identities being used by attackers to hide their malicious activity, evade security controls and steal a wide range of confidential data.
In a report sponsored by cryptographic key and digital certificate management firm Venafi, AIR Worldwide suggests the cost to U.S. business is between $15 billion and $21 billion; or between 9% to 13% of the total U.S. economic loss caused by cyber events.
"Unfortunately," comments Kevin Bocek, VP security strategy and threat intelligence at Venafi, "Many businesses are relying on processes and techniques from over 20 years ago, which poorly protect machine identities and, as AIR Worldwide found, can result in billions of dollars of loses. Digital transformation is dependent on cloud, microservices and APIs, and all of this requires the authentication and privacy that machine identities provide. Cybercriminals understand that breaking this link means hitting the jackpot."
The cost of abused SSH keys to business is likely to get worse before it gets better.
As business transformation proceeds, and enterprises have more and more machines communicating directly and unattended - including across the IT/OT boundary - the threat and cost of stolen SSH keys will only increase.