Is it me, or has the cybersecurity landscape been a little bit quiet during this national cybersecurity month? After a wild 2017 and early 2018, the cyber threat landscape seems significantly slower. At the very least, the publicity around it has quieted down. Rest assured though, the threats are still there. Many organizations are still woefully underprepared to fight and respond to threats that are present and becoming more sophisticated every day. In this article, we’ll take a deeper look and provide some thoughts on how organizations can better protect against these threats. Not to give away the answer early, but it starts with Silicon Root of Trust.
We may be desensitized, but the threat is still real
Security is not a trend. It is ever present and the threat to organizations is still very real. Bob Moore from Hewlett Packard Enterprise (HPE) and James Morrison with the Federal Bureau of Investigation (FBI) sat down earlier this year to talk about the state of cybersecurity, and the numbers are jaw-dropping. I recommend you watch the video, but in a nutshell, the attacks are getting more frequent and more insidious. Additionally, the cost associated with cybercrime continues to climb.
IoT introduces a whole new threat
Depending on which statistics you believe, the internet of things (IoT) and the industrial internet of things (IIoT) are projected to consist of anywhere up to a trillion devices. Even if the real number falls well short, billions of devices will be powering and automating our homes, factories, power plants, vehicles, stores, hospitals, labs, and more.
These devices will create unprecedented levels of data that will be collected, transformed, analyzed, and turned into actionable intelligence by servers residing at the edge (and eventually stored in the datacenter). HPE is gaining market momentum with its Edgeline portfolio—servers and software that allow for the intelligent edge to be just that. These servers don’t sit in the secure confines of a datacenter or server room. They reside in those industrial environments to enable real-time analysis and control. On scheduled intervals, they backhaul all of that data to servers in a central datacenter.
In some ways, to say that IoT introduces a new threat is misleading. Remember the Target data breach? 110 million customer credit card numbers were stolen as the result of an HVAC contractor’s stolen credentials (yeah, the air conditioning guy). How about Home Depot? Again, a third-party contractor’s credentials were compromised, leading to about 56 million customers’ credit and debit card numbers being stolen. However, this is just one vertical in the IoT/edge market. New edge deployments across all verticals are accelerating.
How does an organization tasked with managing this environment have any confidence that they are deploying infrastructure with the highest levels of security and the tools to provide real-time detection, prevention, and recovery from attacks? We’ll get to this in a little bit.
We are only human (It is no longer about securing the frontiers)
As a collective, IT has done a good job of securing its frontiers. Rare is the case that you read about an organization being exploited due to a frontal attack from hackers. Rather, malware, trojans, and other indirect methods are now used to exploit the enterprise. The common thread in all of these attacks is the human element: employees that open phishing emails disguised as coming from HR, disgruntled “short-timers” who decide to leave a “gift” as they depart the company, or simply a contractor who may be a little laxer with security protocol (read: Target hacking).
It is these indirect phishing attacks that allow hackers to implant malware on servers, routers, devices, and other infrastructure that can sit undetected for days, weeks, and even months. While this malware sits undetected, it spreads its tentacles further and deeper into the network and, once fully infiltrated, will “wake up” and bring down entire organizations’ infrastructure. Data and user accounts are often held hostage until a payment is made. In the Moore/Morrison video, there’s a great discussion on the emergence of organized crime getting involved in ransomware. The modern cyber-attack is no longer conducted by script kiddies—it’s a big business that has drawn the attention of big crime syndicates.
In some cases, the path to recovery is non-existent. Nation state or hacktivist attacks can lead to data manipulation or permanent destruction of data and/or infrastructure. Ideologues and geopolitical foes often have no price tag.
What to do?
This really is the question of the day. IT organizations would be wise to make the investments in people, processes, and infrastructure to protect against the emerging threats in the datacenter and the edge:
Invest in people & processes: Hiring a CISO is important. Allowing that CISO to build out their team is equally important. Many organizations stop here. To protect against an organization’s greatest vulnerability, all employees must be hyper-vigilant.
Does your IT organization include cybersecurity training as part of a new-employee orientation? Is there regular communication to employees detailing threats and related emails to look out for? How often does your IT organization perform vulnerability assessments? Finally, what is the documented response when an employee clicks on that tainted email? If any of these questions have no documented answer, consider your organization vulnerable and take the corrective actions.
Invest in infrastructure: Thanks to virtualization, server lifecycles seem to extend longer and longer. While this is seemingly good economically, it can cost your organization in the long run. Newer data center infrastructure equipment has state-of-the-art security protections built in that protect far better than older product generations against the new attacks that are more complex and insidious. It’s important to refresh and upgrade to the latest generation of servers to take full advantage of the new cybersecurity technologies available.
When it comes to building in new security protections, companies like HPE have some of the deepest levels of security in the industry in their ProLiant Gen10 servers. It starts with HPE’s Silicon Root of Trust—security embedded at the lowest levels of the control plane to ensure an immutable boot process. Before a ProLiant Gen10 server boots, its cyber “fingerprint” is compared to an immutable image. If any anomaly is detected, the server can automatically be restored to its last known good state if an organization has deployed the latest HPE iLO Advanced Premium Security license. HPE even goes a step further and can restore Gen10 ProLiant servers after ransomware attacks with the server system restore (MI&S has covered this capability in detail here and here).
There is no silver bullet when it comes to securing your environment. The question is not “if” an IT environment will be attacked, but “when.” That being said, companies do not necessarily have to suffer the consequences of a cybersecurity breach, if they have the right product capabilities to recover and restore quickly. The explosion of IoT devices and big data puts your organization at greater risk now than ever before.
There are ways to mitigate the risks that are introduced with IoT devices and edge computing environments. Invest in people. Codify processes. Invest in infrastructure like HPE’s Gen10 ProLiant and Edgeline portfolios with Server System Restore to ensure your edge environment (and datacenter) is not the wild west of cybersecurity.