Your business, like many companies, have adopted several cloud services, where the price and convenience outweighed the higher cost of hosting the application on your own servers. These services, be they email, documents, applications, databases or other collaboration tools, have broken the tightly guarded walled garden that your IT team has created behind your firewall and VPNs, allowing access to your company data via additional vectors with various security controls.
Most of these applications are only protected by one simple permission: the password.
Data breaches are becoming more and more commonplace. Lost and stolen data has exceeded six billion records in the past few year – an average of over 165,000 records compromised every hour! The related damage is estimated to exceed $6 Trillion annually by 2021. The recent Equifax breach, of a 143 million people (there are only 250 million or so adults in the US), highlights the vulnerability of weak passwords and open data portals.
In order to safeguard our important assets and reduce the risk of breaches, we need to rethink on how we approach organizational security
New technologies, platforms and applications have accelerated the disintegration of the corporate security perimeter, creating a multitude of identities, user names and passwords. This use of cloud computing has increased trends of enabling employees to access network servers and sensitive information from outside the enterprise. Companies with static perimeter-based security methods (Firewalls, VPNS) will have a hard time managing both employee and partner access to critical data while maintaining any semblance of security.
Cyber criminals take aim at identities, from all types of users in your organization, from privileged users to vendors. They focus on weak passwords and social engineering to achieve their aims. Nearly two-thirds of all recently confirmed data breaches involved weak, default, or stolen passwords. In the first quarter of 2016 alone, there were an estimated 6.3 million phishing emails and 93% of all phishing emails contained ransomware.
No one is safe. In 2016, Yahoo revealed that the account information for over ONE BILLION consumers, including names, email addresses and encrypted passwords, were compromised by a data breach in 2013.
Dozens of companies experienced major outages when the DNS provider Dyn experienced a severe and extended Denial of Service attack (DDoS). What was the cause? Passwords. Default passwords on millions of Internet of Things (IoT) devices that were hijacked and used together as the Mirai botnet.
Next Stop, Security
How do we protect against breaches in our organizations, with this porous, multi-vendor, cloud-based enterprise? You must be able to adapt to new threats as they emerge. You must be able to incorporate cloud, mobile, IoT and other technologies, into a seamless defense, following your users as they work across applications and tools – Wherever they are hosted.
Companies must adopt Identity and Access Management (IAM) solutions and practices that significantly reduce the likelihood of a data breach, by enabling secure access to your data from any device, for users inside and outside your organization.
How do we do this?
- Consolidate identify stores into a single directory
- Implementing single sign-on
- Governing access through time-bound and temporary privileged access
- Automating mobile application provisioning and deprovisioning of applications
- Automatically deprovision privileged user access as they terminate from your organization
- Eliminating the use of shared administrative accounts and centrally controlling access to shared service accounts
- Recording all privileged sessions or commands
- Automating role-based provisioning of applications and infrastructure
Forte can help your company ensure that identities are protected through an integrated solution across applications, devices and infrastructure.
Data protection solutions are essential for businesses of all sizes to implement, regardless of size, industry and geographic location. In this article we discuss the importance of business continuity rather than simply backup.
Downtime is real and it’s costly. How costly exactly? Depending on the size of the organization, the cost per hour of downtime is anywhere from $9,000- $700,000.
On average, a business will lose around $164,000 per hour of downtime.
The numbers speak for themselves. What causes downtime?
- Network outages and human error account for 50% and 45% of downtime, respectively.
- Meanwhile, natural disasters account for just 10 percent of downtime.
- When you look at the cause of downtime by data volume, the #1 culprit is, once again, human error, at 58%.
Just look at the recent Amazon AWS outtage: http://www.geekwire.com/2017/amazon-explains-massive-aws-outage-says-employee-error-took-servers-offline-promises-changes/
As it turns out, businesses should be more wary of their own employees and less of natural disasters. If you’ve been putting off data protection because your organization is located far from any inclement weather, be warned: the bigger threat to your data is inside of your company, not the great outdoors.
What’s at stake?
2.5 quintillion bytes of data are generated daily. And 90% of the total data in existence was created within the past few years, a significant portion of which has been generated by small businesses. Considering all the servers, desktops, and laptops that the typical SMBs manage, it adds up to a lot of data to protect. Yet nearly 75% of SMBs operate without a disaster recovery plan and only 25% are “extremely confident” that they can restore data if it was compromised.
Only 50% of SMBs back up less than 60% of their data. The remaining 40%? No protection for it whatsoever.
How much does this cost? Over the past few years, 35% of SMBs lost as much as $500K due to downtime. An unlucky 3% lost over $1 million.
What to look for in a business continuity solution
To sum up what we’ve learned today, here are some key things to look for when seeking a business continuity solution:
- Hybrid cloud backup—A hybrid approach fixes the vulnerabilities that a cloud-only or local-only possess.
- Superior RTO and RPO—Think in terms of business continuity rather than simply backup, and calculate how much downtime your business can endure and still survive (RTO) as well as how much data you can afford to lose (RPO).
- Image-based backup—Make sure that the backup solution takes images of all data and systems rather than simply copying the files.
Forte, in conjunction with our business continuity partner, Datto, can help your company meet it’s disaster recovery targets. No matter if your downtime was caused by a hardware failure, ransomware or the inadvertent keystroke of a well meaning employee.
The tremendous success of ransomware infections over the past year showed cybercriminals that holding data for ransom is the key to making money from online attacks. Ransom-based attacks are evolving, and if enterprise defenders aren’t careful, they are going to soon see more ransom notes popping up on their servers, databases, and back-end applications.
Consider last week’s events: After Victor Gevers, a security researcher and founder of GDI Foundation, reported several hundred instances of publicly exposed MongoDB installations had been wiped and held for ransom over the previous two weeks, several other attackers joined in, bumping the number of compromised databases from several hundred to more than 10,000.
The attackers didn’t need to bother with malware to gain access to the database or the information saved within—the door was wide open since these MongoDB installations used the default configuration, which allowed unauthenticated connections via port 27017. These databases were fully accessible from the internet, and anyone connecting via that port had full administrator rights to read, create, update, and delete records.
While compromising a few systems and encrypting the data in large enterprises will continue to be lucrative—healthcare facilities paid out thousands of dollars in 2016 to regain control of their data and systems—attackers are going to change tactics to keep their income stream flowing. Databases, web servers, application servers, enterprise resource planning (ERP) systems, and other enterprise applications all contain valuable information that can disrupt business operations if stolen.
“Attackers are always looking to increase the value of what they steal,” said Jeff Schilling, chief of operations and security at cloud security provider Armor.
It’s a safe bet that even if the enterprise doesn’t use MongoDB, which is widely used in big data and heavy analytics environments, it may be running other servers or applications that are accessible from the internet and vulnerable to attack. Criminals can easily shift their attacks to those servers and applications. Already, last spring, researchers from Cisco’s Talos Security Intelligence and Research Group found that attackers were exploiting vulnerabilities in JBoss application servers to spread SamSam ransomware.
New targets, new victims
The data contained on those systems don’t have to be something the attacker can sell on the black market—it just needs to be valuable to the owner. It doesn’t matter if the database or back-end system doesn’t have financial data or transactional information. Application source code, personnel files, organization data, and entire application servers are all valuable.
“As long as it’s valuable to someone, attackers can target it for ransomware in order to make a profit,” said Jordan Wright, an R&D engineer at authentication company Duo Security.
Ransoms are most effective when there are no backups to restore the data. While most enterprises typically have some kind of backup strategy in place for databases and critical enterprise applications, they may still be forced to pay because of the perception that it will take too long to restore from backups.
In the case of those enterprises with compromised MongoDB installations, at least 20 victims sent the 0.2 BTC ransom (about $220 at current prices) to the BitCoin address used by the initial attacker between Dec. 21, 2016 and Jan. 6, 2017, according to information available on Blockchain.info.
Imagine being an Oracle or SAP administrator and one day finding that an attacker had copied all the data and then wiped the systems.
In case the idea of data stolen from code repositories and databases wasn’t scary enough, software-as-a-service applications could become the next ransom target, Schilling said. An attacker could demand the ransom from the SaaS provider by successfully breaking into the network and disrupting operations, or from the SaaS customer by preventing the customer from accessing the data. A network breach on the provider side seems unlikely, but not impossible, since SaaS companies tend to invest heavily in securing their infrastructure.
But then, the massive DDoS attack against DNS provider Dyn affected SaaS providers adversely, without even touching their networks. That ransom demand could have gone sky-high, had the attackers gone that route.
Customer-side ransoms sound even more likely. There are already ransomware strains capable of encrypting data on cloud storage sites by infecting a computer that had a synced folder. Attackers can use stolen or compromised credentials to gain access to the customer’s SaaS instance and all the associated data. Whether the customer would pay would depend on how quickly—and completely—the provider would be able to restore the data.
All kinds of attacks, not just malware
It will be a mistake to keep focusing on the malware. Yes, there are reports of ransomware on Smart TVs, and malware will continue to encrypt data stored in enterprise networks. However, ransomware isn’t the only way cybercriminals have extorted enterprises in the past, and it isn’t going to be the only approach going forward.
Attackers are trying to figure out which types of data companies consider valuable, and which organizations are more likely to pay. The initial MongoDB attacks were originally nondiscriminating and compromised any open MongoDB installations, but security researchers believe the latest attacks are more selective, targeting healthcare providers, telecommunications companies, data brokers, and electric utility firms.
IT teams need to expand their focus and look at all the various ways their data could be stolen. Don’t get bogged down looking for malware samples or signs of infections, because the attacker demanding the ransom may use other methods to hold the data.
Attackers connected to vulnerable MongoDB installations via port 27017. Organizations using the default installation of MongoDB should update their software, set up authentication, and lock down port 27017.
That advice applies to other databases, servers, and applications as well. ERP systems such as SAP need to be configured to consider security. Database ports should be locked down. Software updates should be applied as soon as possible. Restrict remote access and require strong authentication for any user accounts that require remote access rights.
Administrators need to control and limit access to their organization’s data stored in their servers as well as in cloud applications. “Without mitigating controls like two-factor authentication, attackers can take over the data a user has access to by simply sending a phishing email,” Wright said.
IT teams need to stop thinking of ransomware as a malware infection and start thinking of a broad range of attacks that have an extortion component. This means beefing up data breach detection capabilities, securing systems so that data can’t be easily obtained, protecting the data even when defenses fail, and improving incident analysis so they can investigate thoroughly when something goes wrong. The attacks against MongoDB installations are just the beginning.
The transition from wired to wireless networks is happening across the business world, especially as the technology underpinning wireless advances. Besides the convenience factor, wireless is also increasingly preferred over wired networks due to the security benefits available through proper implementation. However, many IT departments and companies are unfamiliar with the security advantages of wireless, especially given its shaky reputation in the past. Here is what you need to know about the wireless of today and how it stacks up against wired networks.
We like to think of the world as a safe place, and that the likelihood of harm coming to your small business via cyber attack is low. However, the truth is that there are individuals out there who would like nothing more than to access your company’s sensitive data for their own gain. It’s the modern equivalent of bank robbery, and hundreds of businesses each year fall victim to this type of theft. Read more
Software-Defined Networking, or SDN, has, in the last few years, experienced a meteoric rise to prevalence. Read more
Phishing, the art of stealing passwords and confidential information using trickery and gullibility, is a continuously evolving art. It can be very simple to very complex, but draws in enough victims to be highly profitable and something that is not going away anytime soon. Read more
No matter what business you’re in, the most important thing you can do for its survival is making sure that your assets and capital are both secure and protected from loss or damage. For many modern businesses, their primary asset is data. Data is an integral part of how virtually all businesses operate today. Although the method and medium (tape, disks, cloud) have changed, the need is universal.
For most businesses, organizations, and individuals, data is everything. Unfortunately, it can all be lost within a matter of seconds. This makes data replication absolutely essential for your protection. With so many options to choose from, it can difficult to determine which one is best for you. Let’s look at several of the best practices for data replication between data centers. Read more