Retail companies rely on an assortment of connected machines that most other industries don’t use. From credit card terminals to specialized e-commerce services, these machines require unique identities and security.
Secure Shell (SSH) keys are often used to authenticate retail machine identities and, in the process, provide the highest levels of administrative access within retail organizations. However, these powerful assets are routinely untracked, unmanaged and poorly secured. Unfortunately, this makes SSH keys popular targets for cyber criminals.
“Retail machines contain lucrative financial information,” said Nick Hunter, senior digital trust researcher for Venafi. “This makes retailers, and their transactions, prime targets for cyber criminals. Simply put, retailers face unique and significant machine identity threats.”
Venafi recently conducted a study that evaluated how retailers manage and implement SSH in their environments. With participation from 101 IT security professionals from the retail sector, the study reveals a widespread lack of SSH security controls.
For example, 81% of respondents acknowledge they do not have a complete and accurate inventory of all SSH keys. If retailers do not know where their
SSH keys are and how they are managing privileged access, it will be difficult to determine if any SSH keys have been stolen, misused or should not be trusted.
Additional highlights from the study:
Ultimately, it’s crucial for retailers to secure their SSH assets. “To protect their customers and their critical business data, retailers need a strong SSH governance program that provides them with complete visibility of all their SSH keys,” concluded Hunter.
Are retailers doing enough to protect their SSH keys?