What Is Cybercrime?
The criminals of the world have adopted the digital dimension of modern life. Cybercrime is the evolution of traditional crime, with new tools and a new, largely digital, underworld. While the early days of the Internet and online transactions were conducted with little concern for personal or organizational security, in today's digital landscape security is an integral part of all operations, personal or corporate.
We protect our homes and offices against crime with locks and doors; we protect our digital assets against cybercrime with encrypted and authenticated protocols (such as SSH), access control (such as SSH key management), and other cybersecurity measures (such as monitoring trusted access).
Evolution of Cybercrime – Advanced Persistent Threats
In the early days of cybercrime, the first wave of "hackers" were relatively low-impact players, rarely professional and often poorly organized. This has changed: today cybercrime is well-organized, well-funded, international, and professional. The attacks focus on lucrative targets such as banks and other financial institutions, the energy sector, and other industries where a successful attack yields an attractive payoff.
Cybercrime uses a wide variety of highly specialized attack mechanisms; the threats are both advanced and persistent. The term Advanced Persistent Threat (APT) was coined to describe sustained attack activity aimed at specific targets rather than at whoever happens to be vulnerable.
Cybercrime has also evolved its "business models". In the early years of digital crime the objective was often random damage to networks or platforms, whereas today's targeted attacks go after specific organizations for identity or information theft. There are also examples of "digital extortion" in the form of ransomware, which encrypts the victim's data and releases the decryption key only in exchange for payment. The more advanced attacks may also seek to damage the reputation and business of the victim by various digital means.
Advanced persistent threats seek out weaknesses in the processes, policies, systems, and tools used by the target organization. Even a security technology, if poorly managed, can become an attack vector for such a threat (see the Computerworld article on SSH keys).
Unmanaged Trusted Access – A Serious Risk
Cybercriminals seek targets and attack vectors that provide the highest available level of privilege and the widest possible attack surface. Left without proper control, the ubiquitous SSH protocol, used for interactive and automated server administration and for secure file transfer, is an attractive target. In many organizations SSH keys make up as much as 80% of all access credentials, and there are typically considerably more SSH keys within a corporate network than there are employees or user accounts.
The use of the SSH protocol is practically mandatory: compliance requirements and common sense alike require that all access to critical resources be protected, and SSH provides this protection. It is deployed on practically every Unix and Linux server and is the standard way to obtain system-level access to critical IT resources. It therefore needs to be brought under the corporate IAM strategy and controlled with a well-designed access policy and an efficient SSH key management solution.
Protecting Digital Assets from Cybercrime
Protecting, managing, and controlling SSH keys means protecting the identities of employees and automated processes. Each SSH key was created and provisioned to grant access to a resource, and it keeps granting that access until someone removes it. Because SSH keys have no built-in expiry, an unmanaged environment keeps accumulating access keys in a way that complies with neither good practice nor regulations.
Proper SSH key management protects access to critical enterprise resources and enables compliance with information security regulations and standards such as SOX, HIPAA, and PCI DSS.
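The two problems described above, more keys than accounts and keys that never expire, are visible in a single authorized_keys file once you parse it. The following audit script is an added example written for this page, not code from the original article or from any SSH.com product. It parses the OpenSSH authorized_keys format ([options] keytype base64-blob [comment]), computes each key's size and OpenSSH-style SHA256 fingerprint, and flags the governance gaps the text describes: deprecated or undersized keys, keys without an expiry-time option (the OpenSSH option that does give a key an expiry), and keys with no from=, command= or restrict option, which therefore grant unrestricted interactive access from any address. The sample file is constructed for the demo; the RSA and DSA blobs are syntactically valid but meaningless, and the all-zero ed25519 key is not a real key.

```python
"""Audit an OpenSSH authorized_keys file for unmanaged access (added example)."""
import base64
import hashlib
import struct

KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}
MIN_RSA_BITS = 2048
NO_EXPIRY = "no expiry-time: key is valid until someone removes it"
UNRESTRICTED = "unrestricted: usable interactively from any source address"


def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def _mpint(n: int) -> bytes:
    # SSH mpint is two's complement; the extra byte keeps a high-bit value positive.
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(buf: bytes, off: int):
    (length,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + length], off + 4 + length


def split_entry(line: str):
    """Split one line into (options, keytype, blob_b64, comment).
    Options precede the key type and may carry quoted values containing spaces."""
    if line.split(None, 1)[0] in KEY_TYPES:
        options, rest = "", line
    else:
        in_quote, i = False, 0
        while i < len(line) and (in_quote or not line[i].isspace()):
            if line[i] == '"':
                in_quote = not in_quote
            i += 1
        options, rest = line[:i], line[i:].lstrip()
    parts = rest.split(None, 2)
    return options, parts[0], parts[1], (parts[2] if len(parts) > 2 else "")


def option_names(options: str) -> set:
    """Option names from the comma-separated list, honouring commas inside quotes."""
    names, cur, in_quote = [], "", False
    for c in options:
        if c == '"':
            in_quote = not in_quote
        if c == "," and not in_quote:
            names.append(cur)
            cur = ""
        else:
            cur += c
    names.append(cur)
    return {n.split("=", 1)[0].strip() for n in names if n.strip()}


def key_bits(keytype: str, raw: bytes):
    """Key strength in bits, read from the wire-format public key blob."""
    name, off = _read_string(raw, 0)
    if name.decode() != keytype:
        raise ValueError("blob type %r does not match declared type %r" % (name, keytype))
    if keytype == "ssh-rsa":
        _e, off = _read_string(raw, off)       # public exponent
        n, _ = _read_string(raw, off)          # modulus
        return int.from_bytes(n, "big").bit_length()
    if keytype == "ssh-dss":
        p, _ = _read_string(raw, off)          # prime p
        return int.from_bytes(p, "big").bit_length()
    if "nistp" in keytype:
        return int(keytype.split("nistp")[1][:3])
    if "ed25519" in keytype:
        return 256
    return None


def fingerprint(raw: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA256 over the blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def audit(authorized_keys: str):
    report = []
    for line in authorized_keys.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options, keytype, blob_b64, comment = split_entry(line)
        raw = base64.b64decode(blob_b64)
        bits, opts, findings = key_bits(keytype, raw), option_names(options), []
        if keytype == "ssh-dss":
            findings.append("deprecated key type")
        if keytype == "ssh-rsa" and bits < MIN_RSA_BITS:
            findings.append("RSA modulus below %d bits" % MIN_RSA_BITS)
        if "expiry-time" not in opts:
            findings.append(NO_EXPIRY)
        if not opts & {"from", "command", "restrict"}:
            findings.append(UNRESTRICTED)
        report.append({"comment": comment, "type": keytype, "bits": bits,
                       "fingerprint": fingerprint(raw), "findings": findings})
    return report


def _demo_blob(keytype: str, modulus_bits: int) -> str:
    """Constructed, syntactically valid but meaningless public key blob (demo only)."""
    n = (1 << (modulus_bits - 1)) | 1
    if keytype == "ssh-rsa":
        raw = _ssh_string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    else:  # ssh-dss: p, q, g, y
        raw = _ssh_string(b"ssh-dss") + _mpint(n) + _mpint(3) + _mpint(5) + _mpint(7)
    return base64.b64encode(raw).decode()


# Constructed sample file; none of these are real keys.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# interactive key, no restrictions, no expiry",
    "ssh-ed25519 " + "AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43 + " alice@laptop",
    "# automation key confined to one client range and one command",
    'from="10.0.0.0/8",command="/usr/bin/rsync --server",restrict '
    + "ssh-rsa " + _demo_blob("ssh-rsa", 3072) + " backup@nas",
    "# contractor key that expires, but is undersized",
    'expiry-time="20240630" ssh-rsa ' + _demo_blob("ssh-rsa", 1024) + " contractor@vendor",
    "# legacy DSA key nobody remembers provisioning",
    "ssh-dss " + _demo_blob("ssh-dss", 1024),
])

if __name__ == "__main__":
    for entry in audit(SAMPLE_AUTHORIZED_KEYS):
        print(entry["type"], entry["bits"], entry["fingerprint"], entry["comment"] or "(no comment)")
        for finding in entry["findings"]:
            print("   -", finding)
```

Run against every account's authorized_keys on a host and the counts alone make the article's point: the number of entries is the number of standing access grants, each of which stays valid until deliberately removed. The fingerprint column is what lets you trace an entry back to a private key holder, which is the first step of any key management effort.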