In recent years, some of the world’s leading retailers and banking institutions have been ravaged by cyberattacks. But unless your personal data was compromised, details of those hacks were lost to the vagaries of the news cycle.
Then someone messed with our James Franco movie and our Christmas Day video games, and...well, we all have our boiling point.
All kidding aside, if we needed any further evidence of just how damaging a cyberattack can be, the high-profile November/December hack on Sony Pictures Entertainment and the Christmas Day attacks on the PlayStation and Xbox videogame systems are Exhibits A and B.
According to U.S.-government sources, North Korea was behind the Sony attack. Leaked data included passwords, full-length films and the Social Security numbers of some 47,000 people. The hackers released private emails that included unflattering comments about everyone from Angelina Jolie to President Obama, as well as sensitive details about the film futures of Spider-Man, James Bond and other iconic characters. The studio canceled the release of Franco’s movie The Interview (a comedy about a plot to assassinate North Korean dictator Kim Jong-un) in response to threats from the hackers.
Consider the lost productivity during the week-long outage, the loss of intellectual property and associated revenue, the loss of employees and contractors who left the studio, the eventual settlements of all the lawsuits related to leaked private information, and the loss of customer confidence. The damage to the studio is incalculable.
The cybersecurity firestorm reached critical mass on Christmas Day, when a separate, unrelated attack knocked the online services of two popular gaming systems offline. What should have been the biggest videogaming day of the year turned into a financial and reputational disaster, not to mention a pretty disappointing Christmas for millions of people.
The flurry of cyberattacks sparked the same questions those retailers and bankers asked as they struggled to recover from their own attacks: how did this happen?
The Cost of Intelligence
In the past, enterprises relied on firewalls as gatekeepers between networks, and internetworking itself was the exception rather than the rule. Today every “intelligent” device goes onto the network, runs an operating system and becomes a target for attack. And almost everything today has some sort of built-in intelligence, so open doors are everywhere.
Here’s what we know about the nature and impact of most cyberattacks and unplanned IT outages:
- The average cost of a data breach in the U.S. is $5.4 million.
- Internal vulnerabilities, rather than weaknesses at the perimeter, are responsible for 70% of breaches.
- In the U.S. and globally, the most common cause of a data breach is malicious or criminal attack, and those breaches are also the most expensive to resolve.
- Unplanned data center outages cost an average of about $627,418 per incident.
These attacks can be devastating, and it’s harder than ever to prevent them. But there are some best practices to help avoid cyber-disaster.
1. Don’t leave the back door unlocked.
Allowing easy access to information is one of the most preventable causes of data breaches and data center outages. Of course, just because it’s preventable doesn’t mean it’s easy.
Virtually everything in today’s data center, from servers to power and cooling infrastructure, has a Web management interface and therefore an IP address. These systems are networked so they can be managed remotely, but too often security is overlooked altogether when they are connected.
Network isolation limits what an attacker who has compromised the production network can reach, and because all management access then passes through one controlled path, unwanted activity is logged and can be flagged even when it is not prevented outright. One way to isolate management traffic without giving up necessary access or performance is an out-of-band (OOB) management network: an IP network that is either physically separate from the production network or separated from it by VLANs. Physical separation is the stronger option; a VLAN boundary holds only as long as the switch configuration and the access lists between VLANs do, so it deserves the same review and change control as a firewall. The best OOB access platforms provide full, real-time access to device consoles without themselves becoming the back door, which means strong authentication on the OOB platform, no route from the production network into the OOB segment, and a log of every session. Although details are muddy, the recently disclosed cyberattack on a German steel plant that caused significant damage to a blast furnace appears to be an example of what can happen when control networks and outward-facing networks are connected.
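As an added example (not from the original article or from Emerson), here is a small Python audit that walks a device inventory and reports any management listener that is not on an OOB subnet, plus cleartext management protocols that remain enabled even on the OOB side. The subnets, the port list, and the device names and addresses are all assumptions constructed for the example.

```python
"""Audit a device inventory for management interfaces reachable from the production network."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Assumed out-of-band (OOB) management subnets (hypothetical addresses):
# one physically separate segment and one management VLAN.
OOB_NETWORKS = [
    ipaddress.ip_network("10.250.0.0/24"),
    ipaddress.ip_network("10.251.0.0/24"),
]

# TCP ports typically used by device management interfaces, and the service behind each.
MANAGEMENT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 623: "ipmi"}
CLEARTEXT = {"telnet", "http"}  # protocols that expose credentials on the wire


@dataclass(frozen=True)
class Listener:
    address: str  # IP address the management service is bound to
    port: int


@dataclass
class Device:
    name: str
    # Only management listeners (console, BMC, web UI), not application ports.
    mgmt_listeners: List[Listener]


def in_oob(address: str, oob_networks=OOB_NETWORKS) -> bool:
    """True if the address lies on one of the OOB management networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in oob_networks)


def audit(devices: List[Device], oob_networks=OOB_NETWORKS) -> List[Tuple[str, str, str]]:
    """Return (device, severity, message) findings, highest severity first."""
    findings = []
    for dev in devices:
        has_oob_path = False
        for listener in dev.mgmt_listeners:
            service = MANAGEMENT_PORTS.get(listener.port, f"tcp/{listener.port}")
            where = f"{service} on {listener.address}:{listener.port}"
            if in_oob(listener.address, oob_networks):
                has_oob_path = True
                if service in CLEARTEXT:
                    findings.append((dev.name, "medium", f"{where} is cleartext even on the OOB network; disable it"))
            else:
                # The management plane is one hop from anything on the production network.
                findings.append((dev.name, "high", f"{where} is reachable from the production network"))
        if not has_oob_path:
            findings.append((dev.name, "low", "no management listener on an OOB network; remote service needs production access"))
    order = {"high": 0, "medium": 1, "low": 2}
    findings.sort(key=lambda f: (order[f[1]], f[0]))  # stable sort keeps per-device listener order
    return findings


# Constructed inventory for the example (not real devices).
SAMPLE_INVENTORY = [
    Device("pdu-01", [Listener("10.250.0.10", 443), Listener("10.250.0.10", 80)]),
    Device("cooling-ctrl-02", [Listener("192.0.2.40", 23), Listener("192.0.2.40", 80)]),
    Device("web-srv-07", [Listener("10.251.0.17", 443), Listener("10.251.0.17", 623)]),
]

if __name__ == "__main__":
    for name, severity, message in audit(SAMPLE_INVENTORY):
        print(f"[{severity}] {name}: {message}")
```

Run against a real inventory export, the high-severity findings are the devices whose management plane sits on the production network, the medium ones are OOB devices still speaking Telnet or plain HTTP, and the low-severity finding is a device with no OOB path at all, which will end up being serviced over the production network. The script checks addresses only; it does not replace verifying that no route or firewall rule lets production traffic into the OOB segment.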
2. Make sure you have a strong Triple-A system.
We’re not talking about a minor-league baseball team. In cybersecurity the three ‘A’s stand for Authentication, Authorization and Auditing (also called Accounting), and they are critical to securing access to your network and data.
Credentials must be rotated regularly, but the access process needs to be centralized and controlled while remaining easy for administrators to use. Effective cybersecurity should offer fine-grained user authentication and access controls that do the following:
- Provide tiered, role-based access to devices and data. For example, a server administrator can access servers but not routers; an IT manager has access to all devices and log files; and data center managers can run usage reports but cannot access any device.
- Fit into your current permission systems, authenticating users against your existing internal or external authentication services (Active Directory, LDAP, RADIUS or TACACS+, for instance) rather than keeping a separate password store on each device.
- Provide complete system and user-log management and event notification to facilitate auditing and compliance, recording denied requests as well as allowed ones.
- Automatically log out each user when a session window is closed, and also after a period of inactivity, so that an abandoned session cannot be picked up by someone else.
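The list above maps directly onto code. The following Python, added here as an illustration and not part of the original article or of any Emerson product, models a small access gateway: it authenticates against a stand-in for the existing directory service (salted PBKDF2 hashes, constant-time comparison), authorizes each request by role using the article’s three example roles, expires idle sessions, and writes every decision, allowed or denied, to an audit trail. The role names, the idle timeout, and the users and passwords are assumptions constructed for the example.

```python
"""Toy AAA gateway: authenticate against a directory, authorize by role, audit every decision."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Tiered, role-based permissions: (action, resource type) pairs each role may perform.
# Roles and resource types are assumptions modelled on the article's examples.
PERMISSIONS: Dict[str, Set[Tuple[str, str]]] = {
    "server_admin": {("access", "server")},
    "it_manager": {("access", "server"), ("access", "router"), ("read", "logs")},
    "dc_manager": {("report", "usage")},
}
IDLE_TIMEOUT = 600  # seconds; an abandoned session cannot be reused after this


@dataclass
class AuditEvent:
    ts: float
    user: str
    action: str
    resource: str
    allowed: bool
    reason: str


class Directory:
    """Stands in for the existing LDAP/AD/RADIUS service; stores salted PBKDF2 hashes."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes, str]] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt), role)

    def verify(self, username: str, password: str) -> Optional[str]:
        """Return the user's role on success, None otherwise."""
        # Hash even for unknown users so a timing difference does not reveal valid usernames.
        salt, digest, role = self._users.get(username, (b"\x00" * 16, b"\x00" * 32, ""))
        ok = hmac.compare_digest(self._hash(password, salt), digest)
        return role if ok and username in self._users else None


class AAAGateway:
    def __init__(self, directory: Directory, clock: Callable[[], float] = time.monotonic) -> None:
        self.directory = directory
        self.clock = clock
        self.sessions: Dict[str, Tuple[str, str, float]] = {}  # token -> (user, role, last activity)
        self.audit: List[AuditEvent] = []

    def _log(self, user: str, action: str, resource: str, allowed: bool, reason: str) -> None:
        self.audit.append(AuditEvent(self.clock(), user, action, resource, allowed, reason))

    def login(self, username: str, password: str) -> Optional[str]:
        role = self.directory.verify(username, password)
        self._log(username, "login", "gateway", role is not None, "authenticated" if role else "bad credentials")
        if role is None:
            return None
        token = secrets.token_hex(16)
        self.sessions[token] = (username, role, self.clock())
        return token

    def authorize(self, token: str, action: str, resource_type: str) -> bool:
        session = self.sessions.get(token)
        if session is None:
            self._log("?", action, resource_type, False, "no such session")
            return False
        user, role, last = session
        now = self.clock()
        if now - last > IDLE_TIMEOUT:
            del self.sessions[token]  # idle logout: the token is dead from here on
            self._log(user, action, resource_type, False, "session expired (idle)")
            return False
        allowed = (action, resource_type) in PERMISSIONS.get(role, set())
        self.sessions[token] = (user, role, now)
        self._log(user, action, resource_type, allowed, f"role={role}")
        return allowed

    def logout(self, token: str) -> None:
        user = self.sessions.pop(token, ("?", "", 0.0))[0]
        self._log(user, "logout", "gateway", True, "session closed")


def run_demo() -> Dict[str, object]:
    """Scripted scenario with a manual clock; returns the decisions and the audit trail."""
    now = [0.0]
    directory = Directory()
    directory.add_user("alice", "correct horse", "server_admin")  # constructed test accounts
    directory.add_user("bob", "battery staple", "it_manager")
    directory.add_user("carol", "hunter2!", "dc_manager")
    gw = AAAGateway(directory, clock=lambda: now[0])
    results: Dict[str, object] = {}
    results["bad_password"] = gw.login("alice", "wrong") is None
    alice = gw.login("alice", "correct horse")
    results["alice_server"] = gw.authorize(alice, "access", "server")
    results["alice_router"] = gw.authorize(alice, "access", "router")
    bob = gw.login("bob", "battery staple")
    results["bob_router"] = gw.authorize(bob, "access", "router")
    results["bob_logs"] = gw.authorize(bob, "read", "logs")
    carol = gw.login("carol", "hunter2!")
    results["carol_report"] = gw.authorize(carol, "report", "usage")
    results["carol_server"] = gw.authorize(carol, "access", "server")
    gw.logout(carol)
    results["carol_after_logout"] = gw.authorize(carol, "report", "usage")
    now[0] += IDLE_TIMEOUT + 1  # alice walked away; the idle timeout passes
    results["alice_idle"] = gw.authorize(alice, "access", "server")
    results["denied_events"] = sum(1 for e in gw.audit if not e.allowed)
    results["audit"] = gw.audit
    return results


if __name__ == "__main__":
    for event in run_demo()["audit"]:
        print(f"t={event.ts:.0f} {event.user} {event.action} {event.resource} allowed={event.allowed} ({event.reason})")
```

Two design points are worth noting. Authorization is a pure lookup of (action, resource type) against the caller’s role, so adding a role or tightening one is a data change rather than a code change, and a denied request produces an audit event just like an allowed one; it is the denials that tell you someone is probing for access they should not have. The gateway takes its clock as a parameter so the idle-timeout path can be exercised deterministically.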
3. Ensure deployment and maintenance best practices.
Security is a never-ending process. Even if you have best practices in place in your data center, circumstances change. Specifically, there are two occasions when your network could be at increased risk: when deploying new equipment and when performing service or maintenance.
Deploying or servicing data center equipment often requires atypical physical access and sharing knowledge and details about your data center with people outside your organization. New technologies also typically require software updates, and accommodating those updates means sharing IP addresses and opening network ports. Even if the outside parties are people you trust, are you as confident in their security practices as you are in your own?
Be alert when scheduling these activities and observe best practices. Question vendors and service organizations about their security protocols. Regular username and password changes should be common practice, but make additional changes before and immediately after deployment or service activities, and disable any temporary vendor accounts as soon as the work is done. Keep firmware updated and malware-detection signatures current, and monitor access logs closely in the days and weeks immediately following these kinds of changes.
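As an added example (not from the original article), the Python below performs the post-service log review described above over constructed sshd log lines: given the agreed maintenance window, the vendor account and the vendor’s expected source range, it flags any use of the vendor account outside the window or from an unexpected address, and any burst of failed logins against that account. The window, the account names, the addresses and the log lines are all assumptions made up for the example.

```python
"""Review SSH access logs after a vendor service visit."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Matches the OpenSSH "Accepted"/"Failed" lines with an ISO timestamp prefix.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)"
)


@dataclass
class MaintenanceWindow:
    start: datetime
    end: datetime
    vendor_accounts: Set[str]             # accounts created or enabled for the visit
    vendor_sources: ipaddress.IPv4Network  # where the vendor said they would connect from
    failure_threshold: int = 3            # failed logins per (account, source) before we care


def review(lines: List[str], window: MaintenanceWindow) -> List[Tuple[int, str]]:
    """Return (line number, reason) findings for the given log lines."""
    findings: List[Tuple[int, str]] = []
    failures: Counter = Counter()
    first_failure_line: Dict[Tuple[str, str], int] = {}
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # disconnects, key exchange noise and so on
        ts = datetime.fromisoformat(m["ts"])
        user, src, result = m["user"], m["src"], m["result"]
        if result == "Failed":
            key = (user, src)
            failures[key] += 1
            first_failure_line.setdefault(key, lineno)
            continue
        if user in window.vendor_accounts:
            if not (window.start <= ts <= window.end):
                findings.append((lineno, f"vendor account {user} used outside the maintenance window"))
            if ipaddress.ip_address(src) not in window.vendor_sources:
                findings.append((lineno, f"vendor account {user} logged in from unexpected source {src}"))
    for (user, src), n in failures.items():
        if n >= window.failure_threshold:
            findings.append((first_failure_line[(user, src)],
                             f"{n} failed logins for {user} from {src}: possible password guessing"))
    return findings


# Constructed window and log lines for the example (hypothetical hosts, accounts and addresses).
WINDOW = MaintenanceWindow(
    start=datetime(2015, 1, 12, 8, 0),
    end=datetime(2015, 1, 12, 12, 0),
    vendor_accounts={"vendor-svc"},
    vendor_sources=ipaddress.ip_network("203.0.113.0/24"),
)
SAMPLE_LOG = [
    "2015-01-12T08:30:11 pdu-gw sshd[1201]: Accepted publickey for vendor-svc from 203.0.113.10 port 51022 ssh2",
    "2015-01-12T09:02:45 pdu-gw sshd[1210]: Accepted password for admin from 10.250.0.5 port 40110 ssh2",
    "2015-01-12T11:58:30 pdu-gw sshd[1233]: Disconnected from 203.0.113.10 port 51022",
    "2015-01-13T22:14:03 pdu-gw sshd[1388]: Accepted password for vendor-svc from 203.0.113.10 port 51800 ssh2",
    "2015-01-14T03:40:01 pdu-gw sshd[1401]: Failed password for vendor-svc from 198.51.100.77 port 33001 ssh2",
    "2015-01-14T03:40:05 pdu-gw sshd[1401]: Failed password for vendor-svc from 198.51.100.77 port 33001 ssh2",
    "2015-01-14T03:40:09 pdu-gw sshd[1401]: Failed password for vendor-svc from 198.51.100.77 port 33001 ssh2",
    "2015-01-14T03:41:19 pdu-gw sshd[1402]: Accepted password for vendor-svc from 198.51.100.77 port 33002 ssh2",
    "2015-01-15T10:00:00 pdu-gw sshd[1500]: Accepted publickey for admin from 10.250.0.5 port 40200 ssh2",
]

if __name__ == "__main__":
    for lineno, reason in review(SAMPLE_LOG, WINDOW):
        print(f"line {lineno}: {reason}")
```

In the constructed log the vendor account is used again the night after the visit, then guessed at and finally logged into from an address the vendor never mentioned; every one of those events is invisible if nobody is reading the logs, and all of them disappear if the account is disabled when the engineer leaves. The review is deliberately narrow: it looks only at the accounts and sources that the service activity introduced, which is exactly the surface that changed.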
It has been predicted that the next wars will be fought electronically, and for many the battles have already begun. IT vendors such as Cisco and BlackBerry are already buying security brainpower to battle hackers and others who wish to harm their customers. In some ways traditional enterprises will benefit, through the ability to buy more-secure devices and better security-consulting services. For today, CIOs and IT personnel should put critical vulnerabilities first when prioritizing their actions and investments, and should plan on the assumption that an attack is inevitable.
About the Author
Rick Holloway is director of strategic product planning for Data Center Solutions at Emerson Network Power, where he is responsible for overall product direction and market-driven strategy. Rick is a professional engineer with nearly 30 years’ experience in technical management, international manufacturing, system architecture and business operations.