If you talk to most IT professionals about security, a common response is, “We are all set.” Press a little harder, and you’ll find their confidence is rooted in a secure perimeter coupled with identity management and access control, and host and network intrusion solutions. If an organization is a little more progressive, it may use a utility like Splunk Enterprise Security for more analytics-based intrusion detection and mitigation.
One could argue the success of the utilities identified above have driven the hacking community to be far more creative in approaches to datacenter intrusion. Consider these examples:
In the 2009 timeframe, the largest cyber assault on the US Militaryoccurred by an infected USB stick being inserted into a laptop in the Middle East. While the damage was never publicly quantified, the Pentagon stated that this single USB stick created a beachhead into both unclassified and classified servers.
Red October, discovered in 2012, was malware that ran undetected for five years. Its purpose? To collect diplomatic secrets. Its attack vector? A Trojan-laced email.
Finally, perhaps the most well-known example is the hack of the Democratic National Committee (DNC) servers by Russian Intelligence Agencies during the 2016 election cycle. This happened despite warnings from national security agencies. We all know the outcome. As with Red October, it appears that this attack started with a phishing expedition.
In all the above examples, the bad guys gained access to data not by penetrating the impenetrable perimeter. Rather, they gained access through human error: someone’s curiosity being piqued by a USB stick found in a parking lot, or someone opening a very authentic looking email and unwittingly giving away network credentials. For a hacker with less than ethical standards, this is the most surefire way to gain access to sensitive data—people will always be people. Nobody is hyper vigilant all the time, and hackers will be waiting to take advantage.
A Microsoft presentation on cybersecurity at Inspire gave some pretty interesting statistics. In 2016, 23% of recipients opened phishing emails, and 50% of those that open attachments do so within an hour of receiving. This would dictate that most enterprises are at risk of being hacked the cost for this cybercrime is anticipated to hit $2 trillion globally in 2019.
What’s your plan?
Given the world we live in, where no server is safe and all data is exploitable, the focus of IT should expand from “protect” only to “protection, detection and recovery.” Assuming malware is going to find its way into a datacenter, how quickly can your organization detect the threats? Furthermore, how prepared is your organization to respond by removing the threat and mitigating damage? Another scary statistic cited by Microsoft is from a NACD study that found 38% of organizations (spanning all sized) have no cyberbreach response plan.
Invest in infrastructure
On average, malware sits undetected for over 100 days. This longevity can be attributed to the fact that the malware is attacking server hardware at the lowest levels and sitting virtually unseen. However, new security technologies such as Hewlett Packard Enterprise’s Silicon Root of Trust (RoT) remove this vulnerability. By establishing Silicon RoT the moment power is applied, HPE servers create an immutable firmware fingerprint that is continually validated. In the event firmware is spoofed or otherwise altered, HPE servers will detect and roll back to the last known trusted state. In this case, HPE is providing comprehensive protection, but also a path to quick recognition and rapid response.
It is new technologies like HPE’s Silicon RoT that will help organizations mitigate the risks posed by a cybercrime industry that has become highly sophisticated and organized. Because technologies like this focus on protection, detection and recovery, organizations of all sizes can have a bit more confidence in their cybersecurity strategy.
Deploying technologies and policies to defend against cyberbreaches is a good first step in protection. To ensure the greatest level of orchestration between these tools, consult with others. Companies like HPE have a complete portfolio to address cybersecurity; from servers and hardware, to professional service organizations (like Pointnext) to drive completeness in cybersecurity strategy, planning and execution.
There are many resources available to learn about better securing your datacenter. Moor Insights & Strategy has researched and written on this topic extensively. Additionally, companies like HPE have spent a lot of time considering this new world of threats and how to best protect against them. As an industry, we would all be well served to better consider our cybersecurity strategies and plans.