Not that long ago, an enterprise’s environment or network was considered secure and protected against hackers if its outer perimeter – email servers, web servers, desktops, etc. – was equipped with firewalls, authentication routines, anti-virus software, and so on. Non-internet facing systems such as core data storage, located further from the network perimeter, were considered sufficiently safe if network endpoints were hardened.
One of our recent webinars discussed, in part, how this assumption no longer holds true. It talked about what’s different now and how to plan and implement measures that effectively address enterprises’ need to secure their valuable core data assets – the data at the heart of, and required for, daily operations.
What’s different now?
Times and targets have changed. Whereas just a few years ago, disabling or stealing an organization’s core data was the stuff of high espionage, today, every organization must consider itself a likely target of a cyberattack that could bring its operations to a halt.
Intent is nefarious. Clearly, malware has always been malicious and many cyberattacks are motivated by financial gain. Today, however, we’re seeing more sophisticated attackers, targeting more enterprises that they believe will pay to get their data back.
Storage is becoming a target. Attackers realize that data in storage systems are key to organizations’ operations. A couple of months ago, storage devices made by QNAP Systems storing backups and important files were the target of ransomware attacks. Mid-July saw Lenovo reporting on a 36TB (!) “data leak,” potentially exposing sensitive financial information residing on Lenovo-EMC storage products.
For such scenarios, endpoint-focused security practices are partial at best and, at worst, dangerous, negligent and non-compliant with regulation. Core data storage needs to be the focus of special protection. CISOs should extend InfoSec vulnerability management, which currently covers host OS, DBs, web applications, desktops, etc., to include the security of key data storage systems. Considering what’s at stake, it makes no sense to leave unprotected and vulnerable the critical storage systems that are essential to your daily operations and hold core information used by virtually every application.
In fact, recent cyberattacks provide an object lesson demonstrating the change in the threat landscape and how necessary it is for CISOs to take charge of data storage security.
Cyberattacks succeed thanks to system vulnerabilities. In the case of QNAP, the attackers zeroed in on systems with weak passwords and, once inside the device, encrypted the storage files and demanded ransom. In the Lenovo incident, a firmware vulnerability that was “trivially easy” to exploit allowed unauthenticated users to access storage files via the API. In addition, many of the devices involved were legacy systems that were no longer supported.
Poor security practices also figured in another recent ransomware attack, on a small city in Florida, USA, where all the city’s data was faithfully backed up but the storage copies resided on the same network that was attacked.
It’s interesting that these vulnerabilities were so obvious and yet were not addressed, or perhaps, were left for another day. We’re not being glib here. We know what it means to implement environment upgrades and changes of this magnitude. But when best or even standard practice isn’t followed, and your worst nightmare becomes a reality, you realize the cost of leaving vulnerable systems and poor practice intact.
Organizations of all sizes must ensure that their storage environments are securely configured. Standards organizations such as NIST, CIS, ISO, and others issue guidelines for how and where to store data and data copies, and these must be followed in order to be regulation-compliant and achieve resilience. To maintain resilience, organizations would be very well-advised to implement an automated data storage resilience assurance solution that routinely, even daily, validates the status of configurations and warns of misconfigurations that could provide an opening to cyberattackers.
Continuity Software’s Data Security Advisor™ solution checks for vulnerabilities, violations of industry best practices, organizational security baseline requirements and ransomware guidelines, and non-compliance with regulation that could impact the resilience and recoverability of core storage systems. The solution also enables enterprises to easily meet regulatory, InfoSec and audit requirements.