Five key things you need to know about cyber attacks
By John Hall, Director at Infinity SDC
From the datacentre industry to cloud adopters, security is an increasing concern for decision makers within the sector. And it’s not just the professionals asking, but consumers are starting to question – where is my data stored and how secure is it? It’s not surprising concerns are being raised, with the likes of Sony making headline news on cyber hacks and data breaches, potentially being undiscovered for months.
Traditionally, security within the datacentre has been orientated around walls and perimeters, so how do you keep the threats at bay? The explosion of IT systems, networks, users, cloud gateways and network enabled devices have caused the size of a typical enterprise’s attack surface to expand. Any user or device can be its weakest link and become the steppingstone to a major data breach problem and security attack. For every datacentre professional, there are five key areas to consider when it comes to security.
- Data sovereignty
Data sovereignty is information which has been converted and stored in digital form, different from the host’s country of origin. Therefore the content is subject to the laws of the country in which it is located. For example, even though Yahoo! is an US organisation, it is under investigation by European Regulators because the data breach involving 500 million Yahoo! Accounts occurred within European locations. Data protection agencies and Governments are exerting their responsibility and authority to investigate Yahoo! and penalise if necessary.
In 2015, it was revealed 40 per cent of consumers chose trust in an organisation as the most important factor when deciding to share personal information, four times more than any other factor. For the datacentre industry, the outcomes of Brexit and Article 50 will be at the front of the agenda in regards to new data sovereignty laws. This will assist the industry in the best way to protect data and ensure breaches do not occur.
- Mass cloud adoption
Agility, reliability and security are compelling reasons for an organisation to move to the cloud. The decision by the European Court of Justice in Luxembourg to render the Safe Harbour agreement between USA and the EU invalid has accelerated the quest to build local data centres in Europe. In a post-Brexit world, this may change due to the outcomes of Article 50. But currently, many businesses are turning to Cloud due to of the ease of adopting Cloud infrastructure and keeping up with the latest innovations. As the big cloud vendors search for datacentres in the UK and Continental Europe, security will be the biggest requirement to ensure data integrity is retained. 82 per cent of security experts believe progress is being made in the battle against cyber attacks, but those gains are being undercut with below-par security practices by end users in critical areas such as cloud computing.
- Death of traditional IT
Digital transformation is now at the forefront of business agendas. For IT departments’ this transformation will create new security problems, as separate systems are becoming more connected. Traditional IT practises will be unable to cope with any changes or restructures of a business if it continues to use inefficient processes. Information security is responsible for the security of everything, including IoT and the organisation’s operational technology. In turn, the implementation of information security is moving to where organisations use IT, resulting in IT departments becoming more decentralised and services-based. The lack of agility and capacity to cope with the latest technology will result in the department becoming obsolete. Organisations, datacentre and cloud operators must eradicate technology which is not fit for purpose and ensure the latest security solutions are implemented. This will increase security and make the technology easier to protect from intrusions.
- Government snooping
Government monitoring and the recent UK “Snoopers Charter” of data has been given extensive coverage to in media reports, with consumers taking more of an interest in this area, but why is this important now? From a security perspective, accessing the confidential data of others can cause numerous issues and problems from data breaches being triggered to confidential information being shared inappropriately. The WikiLeaks scandal of Hilary Clintons emails during her presidency campaign for example, has been accused by many high level representatives, such as the head of NSA, as a contributing factor to the end result of the US election. It isn’t just one computer nerd hacking these corporations for fun anymore; it is now allegedly at Government level, pusing the legal boundaries of data protection laws to access restricted data under the guise of public interest.
- Technology innovations – IoT
Technology innovations within the security, data and cloud sectors are continuing to expand, with more devices than ever being connected on a global, cellular level. The increase of IoT within the space will cause more issues in terms of security. For example, the recent botnet DDOS attack at DYN in November almost broke the internet affecting Etsy, GitHub, Spotify and Twitter, showing the extent of the damage security breaches can cause if organisations fail to adopt a secure strategy for the increase of connected devices. If IoT is not secured to the highest level, the ramifications can be disastrous, as shown with the DDOS attack. Amazon has invested heavily into the IoT space, creating the facilities of the software layer and the encryption layer, allowing secure data to be transferred between devices. In the battle between cloud operators to provide UiR operating systems to allow them to build on IoT networks, more and more data will continue to travel across the space, needing a secure place for the data to be stored. With the increase of connected devices, the data needs to be authenticated, managed and encrypted securely. With more devices than people in the world, this area of expansion will continue to grow and will need to be managed securely.
Cyber attacks and data breaches have the opportunity to potentially cause irreversible consequences for the datacentre industry. Simplifying and ensuring the level of quality and detail to security is continuously maintained is crucial to the expansion of data and uncertainty of data protection laws and legislation.
79 per cent of security experts believe their organisation has learned lessons from major cyber attacks and over two-thirds (67 per cent) now believe their CEO and board of directors provide ‘sound cyber security leadership’, up from 57 per cent in 2015. Furthermore, this increased awareness has resulted in improvements in malware detection by 25 per cent, endpoint security 24 per cent, and security analytics 16 per cent. This has resulted in the industry placing greater emphasis on the issue, as the industry understands and therefore is addressing the issue of security and cyber attacks.