Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.
In part 1 of this series, we discussed the difference between securing data and securing storage or backup infrastructure. Here we analyze specific risks to storage systems. We overview how storage attacks can occur, and highlight the industry’s knowledge gaps. Most organizations do not secure their storage, as they’re not aware of the risks.
Your organization’s data is a lucrative target for hackers. Whether cybercriminals exfiltrate sensitive information, demand a ransom, or commit fraud, a successful attack could do irreparable damage.
“You have to remind your board, that it can take 20 years to build a strong reputation in your industry. It can take five minutes of a cybersecurity event – and enough press – to tear it all down.”
Endré Jarraux Walls – CISO, Customers Bank
Unlike traditional data-centered attacks that target endpoints and servers, modern attacks move to focus on storage and backup infrastructure—which many organizations do not secure—to easily access the core data.
Can you blame the hackers? Storage systems are left neglected, hence they can get to your crown jewels.
A successful compromise at those levels enables attackers to wreak havoc “under the radar” of detection by any of the security measures or monitoring systems. Here are the main risks of such attacks:
A new research report on the state of storage security (due out in July) paints a grim picture: the average storage device or service (e.g., a storage array, a Fiber Channel Switch, or Virtual SAN) has 15 security misconfigurations, with at least 3 that are highly to critically severe. The report outlines the two most prevalent issues and the less common though risky ones.
It is tempting to think that you could solve your storage security concerns by patching clients (Host Operating Systems) and making sure there’s a backup solution in place. This thinking is obvious but totally misguided. Security hackers breach storage infrastructure in many creative not to say exotic ways:
NIST’s Special Publication (SP) 800-209 “Security Guidelines for Storage Infrastructure” is a great source to learn more about storage security.
Here are a few real-life examples of how hackers exploited poorly secured storage and backup environments:
The above scenarios explain why so many CISOs are insisting on running an evaluation of their storage security IQ, processes, and controls.
It’s time to automate the secure configuration of your storage & backup systems.