Data centre cybersecurity actions that most people overlook

18 Jan 2019

Article by Schneider Electric Innovation and Data Center vice president Steven Carlini

It’s been well publicised that Microsoft fends off more than 7 trillion cyberthreats per day, and allocates over $1 billion each year to cybersecurity for its cloud data centres.

While your data centre may not see “trillions” of cyberthreats per day (and you may not spend in the “billions” to protect your company’s data), I bet that you have a comprehensive plan in place for the protection of your digital data from theft or corruption.

Signs of effective data centre cybersecurity

Effective data centre cybersecurity practices include encrypted devices, firewalls, IDS/IPS, SIEMs, SOCs and stringent physical security, with documented procedures and clearly defined business protocols.

If you consider cybersecurity a priority, you may have secured the main entry point (core), put your IT systems into “clusters” and redundantly protected those, and hard-connected IT devices through physical communications cables.

Cybersecurity-conscious companies integrate executive oversight into their C-suite team and add a new role of chief security officer. Rigorous audits are common, and important compliance standards could include, but are not limited to:

  • NIST 800-53 PE and FISMA
  • SSAE-18 (SOC 1)/ISAE 3402
  • HIPAA
  • ISO27001

Cybersecurity threats: Learn from these real-life examples

With these types of measures in place, companies are most likely confident in fending off cyberattacks. But history has shown that no fortress is impenetrable and a common theme is woven into the most famous and costly breaches.

In military terms it is called a flanking manoeuvre, which is an attack on the sides or rear of an opposing force. Flanking is useful because an army’s power is typically concentrated in its front – as is cybersecurity.

Let’s look at a couple of high-profile flanking breaches:

Uber – Uber CEO Dara Khosrowshahi said two hackers stole the personal data of 57 million Uber users, including phone numbers, email addresses, and names, and the driver’s licence numbers of 600,000 Uber drivers in 2016.

The hackers got in through Uber’s GitHub account, a site its engineers use to code applications and track projects. There, hackers found the username and password to access Uber user data. GitHub is an engineering development site – not associated with any customer or driver accounts. However, it resides on the same network.

Target – In 2013, attackers first broke into the retailer’s network by using network credentials stolen from Fazio Mechanical Services, a Sharpsburg, Pennsylvania-based provider of refrigeration and HVAC systems, according to USA Today.

Personally Identifiable Information (PII) of 70 million customers was compromised, including names, addresses, email addresses, and telephone numbers. Target’s CIO resigned in March 2014, and its CEO resigned in May of the same year. The company estimated the cost of the breach at $162 million.

Cooling system vendors need to be able to remotely access systems to conduct maintenance or to troubleshoot glitches and connectivity issues with the software.

This is mainly for cost savings, versus dispatching service personnel to the site. It’s clear why Target gave an HVAC company external network access, but company leaders obviously had no idea it could be used to access Target’s payment system network.

Ukraine Power Grid – A successful cyberattack on a power grid was carried out in December 2015.

Hackers successfully compromised the information systems of three energy distribution companies in Ukraine to temporarily disrupt electricity supply from 30 substations, leaving 230,000 people without electricity for a period of 1 to 6 hours.

Energy companies use SCADA (Supervisory Control and Data Acquisition) systems, and the hackers were able to remotely switch off substations by hijacking unprotected networks through which uninterruptible power supplies were communicating.

Securing your greater digital ecosystem

As you can see, it’s necessary to think about your entire digital ecosystem with a wide view that sees beyond the boundaries of your IT room.

In the data centre, most of the focus has been on defending the core where all the servers and storage are located. But cybercriminals are looking at where they can flank your position, as shown by the cyberattack cases.

It’s time to look at cyber protection from all perspectives and all domains of the data centre. Data centres are sometimes conceived, designed, constructed, and managed in three domains – IT Room, Power, and Building (cooling).

Protecting your digital vulnerabilities from cybersecurity attacks

Knowing where your systems are vulnerable is the key to protecting them.

As we have seen from the examples, once cybercriminals get inside your firewalls, they can navigate their way to customer data or even shut down your business functions or power.

These peripheral areas and components are not your core competency – the IT room is. This is precisely where Schneider Electric can help.

Schneider can provide a comprehensive assessment and analysis to reveal the gaps between where you are now and worry-free protection.

We can deliver a clear roadmap and action plan, which designates the right people, processes, and technologies to bridge the gaps in your data centre and minimise the possibility of a cybersecurity flank attack.
