
Financial Impact of Cyber Attacks on Banking Sector as a Result of Poor SSH Key Management

August 23, 2018 | Guest Blogger: Anastasios Arampatzis
Findings of the IMF Studies

Recently, the International Monetary Fund (IMF) published the Working Paper “Cyber Risk, Market Failures, and Financial Stability” (WP/17/185) and a blog post by the organization’s Executive Director, Christine Lagarde. The main conclusion of both documents is that cyber risk has emerged as a significant threat to the financial system. According to these reports, all types of banks, money transfer services, and third-party payment processors have seen their systems compromised. Financial market infrastructures have been attacked, and the downtime and service disruptions caused by successful attacks have the potential to be widespread and systemic. Another finding is that cyber-attacks evolve quickly and are highly dynamic by nature, which complicates risk assessment. Successful attacks have already resulted in data breaches, in which thieves gained access to confidential information, and in fraud, such as the theft of $500 million from the Coincheck cryptocurrency exchange.

According to Christine Lagarde, an IMF staff modeling exercise estimated that annual losses to financial institutions from cyber-attacks could reach up to $350 billion, eroding bank profits and potentially threatening financial stability. As a result of this estimate, surveys consistently show that risk managers and other executives at financial institutions worry more about cyber-attacks than about imminent geopolitical risks or recent developments such as Brexit.

Why Are Banks Vulnerable?

The financial sector plays a crucial role in intermediating funds and in political and societal stability and prosperity. A simple look at the outcomes of the euro crisis in countries such as Portugal, Ireland and Greece is enough to understand how critical the stability of the financial sector is. That is exactly why banks are attractive targets and hence vulnerable to cyber-attacks. A successful cyber-attack on one institution could spread rapidly through the highly interconnected financial system. One vulnerability highlighted by both IMF documents is that many institutions still use older systems that might not be resilient to cyber-attacks.

Another vulnerability lies in how effectively these institutions manage their SSH keys. SSH keys enable ongoing automatic connections from one system to another, often without the use of a second authentication factor. These connections create a persistent trust relationship, one that cyber criminals and malicious insiders are eager to access and misuse. A July 2017 survey of 100 financial services security professionals in the U.S., U.K. and Germany measured how well their organizations implemented security controls for SSH keys. The results show that most financial services organizations are underprepared to protect against SSH-based attacks, with fewer than half following industry best practices for securing SSH keys.

According to the survey, SSH keys are routinely untracked, unmanaged and unmonitored. In fact, most financial services organizations do not set policies and controls that limit how SSH keys can be used. Unfortunately, this is also true for several of the Fortune 500 enterprises. The findings of both surveys indicate that these organizations have extremely large numbers of SSH keys, even several million, and that their use is grossly underestimated. They have no provisioning and termination processes in place for key-based access. They have no records of who provisioned each key and for what purpose, and they allow their system administrators to self-provision permanent key-based access without policies, processes, or oversight.

Solution to the SSH Key Management Problem

To remedy this grave and dangerous situation, NIST has issued guidance on SSH key management known as NIST IR 7966. In addition, ISACA has published guidance on how to audit SSH, including SSH keys. Both documents highlight the need to assess SSH keys and their usage, the associated privileged identities, complete logging and compliance. They also suggest controls, configuration options and other techniques to ensure robust and compliant management of SSH keys.

The recommendations include actions such as implementing periodic access reviews, creating and applying hardened configurations with automated configuration management tools, and applying integrity control checks and monitoring to critical files. Other key points include defining roles and responsibilities for who owns SSH key management, automating the deployment of SSH keys, keeping an inventory of keys, tracking their usage, and governing SSH keys as part of the overarching risk assessment process.
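The key inventory and usage restrictions discussed above can be illustrated with a small audit of authorized_keys files. This is an added example, not code from NIST, ISACA or Venafi: the function names, the four policy labels and the sample accounts and key material are assumptions constructed for illustration.

```python
import base64, hashlib, re
from collections import defaultdict

OPT = r'[A-Za-z0-9-]+(?:="(?:\\.|[^"\\])*")?'   # option, value may be quoted
ENTRY = re.compile(rf'^(?:(?P<opts>{OPT}(?:,{OPT})*)\s+)?'
                   r'(?P<type>(?:ssh|ecdsa|sk)-[\w@.-]+)\s+'
                   r'(?P<blob>[A-Za-z0-9+/=]+)(?:\s+(?P<comment>.*))?$')

def parse_entry(line):
    """Parse one authorized_keys line; None for blanks, comments, junk."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    names = {o.split("=", 1)[0].lower() for o in re.findall(OPT, m["opts"] or "")}
    digest = hashlib.sha256(base64.b64decode(m["blob"])).digest()
    return {"type": m["type"], "options": names, "comment": m["comment"] or "",
            "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("=")}

def audit(files):
    """files maps account -> authorized_keys text; returns (inventory, findings)."""
    inventory, accounts = [], defaultdict(set)
    for account, text in files.items():
        for entry in filter(None, map(parse_entry, text.splitlines())):
            entry["account"] = account
            inventory.append(entry)
            accounts[entry["fingerprint"]].add(account)
    findings = []
    for e in inventory:   # illustrative policy, assumed for this example
        checks = {"no-source-restriction": "from" not in e["options"],
                  "no-forced-command": "command" not in e["options"],
                  "deprecated-key-type": e["type"] == "ssh-dss",
                  "shared-across-accounts": len(accounts[e["fingerprint"]]) > 1}
        findings.append((e["account"], e["comment"],
                         {name for name, hit in checks.items() if hit}))
    return inventory, findings

def _blob(seed):   # constructed stand-in for key material, not a real key
    return base64.b64encode(seed).decode()

SAMPLE = {   # constructed authorized_keys contents, keyed by account
    "backup": 'from="10.0.0.5,10.0.0.6",command="/usr/local/bin/backup --all",'
              f'no-pty ssh-ed25519 {_blob(b"key-A")} backup@batch01\n',
    "root": f'# legacy access\nssh-dss {_blob(b"key-B")} old-admin\n'
            f'ssh-rsa {_blob(b"key-C")} alice@laptop\n',
    "deploy": f'ssh-rsa {_blob(b"key-C")} alice@laptop\n',
}

if __name__ == "__main__":
    for account, comment, issues in audit(SAMPLE)[1]:
        print(account, comment, sorted(issues) or "ok")
```

Grouping entries by fingerprint rather than by comment matters here, because the comment field is free text and the same key can be authorized on several accounts under different labels.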

These recommendations indicate that successful SSH key management is not a one-time task but an ongoing security procedure that should be regularly audited, including a regular review of entitlements and trust relationships. Both documents imply that “manual” SSH key management can lead to severe vulnerabilities, and they propose the use of automated configuration management tools, such as the Venafi Platform.

The Venafi Platform improves SSH security with a centralized, complete and accurate view of the SSH key inventory. Enterprise-wide automation of the entire SSH key life cycle, from issuance to decommissioning, minimizes the risk of misuse. With the Venafi Platform, financial institutions can secure and control all SSH keys for safe use of this security protocol and minimize the risk of unauthorized privileged access to critical systems and data.


About the author

Guest Blogger: Anastasios Arampatzis

Anastasios Arampatzis is a retired Hellenic Air Force officer with over 20 years of experience in evaluating cybersecurity and managing IT projects. He works as an informatics instructor at AKMI Educational Institute, while his interests include exploring the human side of cybersecurity.
