This piece originally appeared in the June/July 2017 issue of Australian Security Magazine.
Hardly a week goes by without widespread coverage of a new threat, attack or breach of a large organisation that affects thousands of stakeholders reliant on it. The WannaCry ransomware attack is still fresh in our minds and the scope of its damage is still being realised. Cybersecurity is far more than ones and zeros – we’re all part of the ‘cybersecurity defence system’, not just information security consultants and IT departments.
How Australia is faring
Australian organisations are no exception when it comes to cyberattacks – CERT Australia, the main point of contact for cyber security issues affecting major Australian businesses, responded to almost 15,000 incidents in fiscal year 2015-2016. This number only reflects the number of reported incidents. With cybercrime on the rise and mandatory breach disclosure on its way within the next year, we could see this number rise sharply.
So who is being targeted? Unsurprisingly, high-yield targets such as Energy and Banking come out on top. Of the incidents responded to by CERT Australia in that timeframe, more than one third were directed at Energy and Banking.
It’s important to recognise that random or targeted attacks on one specific organisation have a knock-on effect on consumers and on other sectors and organisations. This effect is increasing as we create more IT-related interdependency – the growth of IT services, cashless transactions, and the overall journey towards IoT means cyberattacks will have an increasingly heavy and more widespread impact.
Targeting the data centre
Most people associate cyberattacks with software – attacks coming through malware, emails, etc. However, in this connected world the data centre itself is by its very nature the main point of connection between an organisation and its third-party suppliers, and indeed the outside world. It is a high-risk area, make no mistake.
Data centre outages can cripple a business, particularly as reliance on IT services increases. Cybercrime is the second leading and fastest growing cause of data centre outages worldwide.
The various nodes of access within any data centre – wire, fibre, airwaves, etc. – need to be protected from intrusion as skilled actors can use them to access the data centre, and all the valuable data it stores. Fibre, network and communication nodes are generally considered the most likely targets, especially for the infamous DDoS attack, the kind that took down more than a dozen prominent websites last year, including Twitter, Spotify, Netflix and Amazon.
How to protect your data centre
Businesses now want a clear understanding of existing cybersecurity provisions and situational awareness. This means a comprehensive plan addressing every aspect including firewalls, threat detection, anti-virus management, tools, patches and software revision control.
On the data centre side, it means specific actions such as mandatory data centre infrastructure management (DCIM) deployments to assess unused or underused assets within a data centre (idle servers are prime targets for Trojan Horse attacks), IT compartmentalisation, improved infrastructure resiliency and more.
While there is no clear, universally agreed-upon strategy or footprint to protect the data centre, there are plenty of actions you can take to keep it safe.
- Establish a perimeter, likely the data centre itself but possibly including rooms around it
- Build an inventory of all IT, network, storage and IP assets, as well as anything connected either directly or remotely
- Remove unused assets
- Identify all data centre users – assign unique access and usage policies
- Change the passwords at least every 90 days
- Create a mandatory admin policy that begins with changing all Original Equipment Manufacturer (OEM) default settings before starting a network connection.
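
The checklist above can be run as a recurring audit over an asset inventory. The following is an added example, not part of the original article; the inventory field names, the 30-day idle threshold, the list of shared account names and the sample records are all assumptions constructed for illustration.

```python
from datetime import date

MAX_PASSWORD_AGE_DAYS = 90  # from the checklist: change passwords at least every 90 days
IDLE_THRESHOLD_DAYS = 30    # assumption: inactivity after which an asset counts as unused
SHARED_ACCOUNTS = {"admin", "root", "operator"}  # assumption: logins not tied to one person

# Constructed sample inventory; field names are hypothetical, not a DCIM export format.
INVENTORY = [
    {"asset": "web-01", "last_active": date(2017, 6, 28), "password_changed": date(2017, 5, 15),
     "oem_defaults_changed": True, "accounts": ["alice"]},
    {"asset": "db-02", "last_active": date(2017, 6, 30), "password_changed": date(2017, 1, 10),
     "oem_defaults_changed": True, "accounts": ["bob"]},
    {"asset": "test-07", "last_active": date(2017, 2, 1), "password_changed": date(2017, 6, 1),
     "oem_defaults_changed": True, "accounts": ["carol"]},
    {"asset": "pdu-03", "last_active": date(2017, 6, 30), "password_changed": date(2017, 6, 20),
     "oem_defaults_changed": False, "accounts": ["admin"]},
    {"asset": "san-01", "last_active": date(2017, 6, 29), "password_changed": date(2017, 6, 1),
     "oem_defaults_changed": True, "accounts": []},
]

def audit(inventory, today):
    """Return {asset: [findings]} for every asset that fails a checklist item."""
    findings = {}
    for item in inventory:
        issues = []
        # "Remove unused assets": idle equipment is flagged for removal.
        if (today - item["last_active"]).days > IDLE_THRESHOLD_DAYS:
            issues.append("unused: candidate for removal")
        # "Change the passwords at least every 90 days".
        if (today - item["password_changed"]).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("password older than 90 days")
        # "Changing all OEM default settings before starting a network connection".
        if not item["oem_defaults_changed"]:
            issues.append("OEM default settings still in place")
        # "Identify all data centre users - assign unique access": need a named account.
        if not [a for a in item["accounts"] if a not in SHARED_ACCOUNTS]:
            issues.append("no uniquely identified user")
        if issues:
            findings[item["asset"]] = issues
    return findings

if __name__ == "__main__":
    for asset, issues in audit(INVENTORY, date(2017, 7, 1)).items():
        print(f"{asset}: {'; '.join(issues)}")
```
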
Other steps you can take are attending a local data centre users’ group meeting or conference, where you can speak to or hear from a local expert on what the current threats are and how to mitigate them. You could also hire a white knight to provide the brutal truth on any weaknesses in your data centre.
Global standards may be on the horizon too – the European Union’s General Data Protection Regulation, adopted in May 2016 and expected to come into effect by May 2018, will hopefully include detailed recommendations for data centre cybersecurity that can be applied globally.
It’s not worth neglecting – putting the investment in now to secure your data centre will be far less costly, both in financial terms and customer and reputational damage, than dealing with the fallout from a successful cyberattack.