The past year seemed filled with sobering trends or warning signs for data center security providers, including news that cyberattackers were bypassing multi-factor authentication (MFA) security measures and that the National Institute of Standards and Technology (NIST) announced the winner of the six-year-competition to create quantum-safe algorithms.
Our top 10 data center security review looks at the Wormhole hack, stolen data, the vulnerability of data centers’ physical security, and preparing for potential breaches.
1. How Open Source Software Protects Data Centers
An Aqua Security survey of 100 CISOs at Fortune 500 companies found 78 percent preferred open source security software tools since they offer the best and most recent innovation and allow for a more thorough examination of the software’s vulnerabilities. Vendors and experts who’ve built a business around deploying, maintaining, and servicing open source tools are especially useful.
2. 3 Reasons Why AI Is the Best Cybersecurity Tool
A worldwide shortage of cybersecurity professionals makes it harder to spot malicious software. This makes artificial intelligence (AI) and machine learning (ML) programs more compelling. They identify malware based on characteristics instead of signatures and are especially adept at identifying zero-day malware, prioritizing threats, and providing automated actions.
3. When Attackers Bypass Cybersecurity’s Multi-Factor Authentication
Attackers know data centers place faith in security strategies which rely on legacy multi-factor authentication (MFA). Google, Apple, and Microsoft are shifting to a common password-less sign-on to eliminate the use of MFA security. It’s backed by the FIDO Alliance and the World Wide Web Consortium which sounds like a doomsday cult but has been working with hundreds of tech companies to protect consumers.
4. Why Data Centers’ Physical Security Needs Protection
Disruption often starts with the destruction of an actual building housing information. Data center cybersecurity teams tend to focus on securing the networks, servers, and other technology infrastructure to prevent disruptions and outages.
5. 9 Ways Zero-Trust is Valuable to Cybersecurity
Zero-trust, the security application where all users in and out of an organization’s network need to be authenticated and validated before being given access, is becoming the way of the world. A survey sponsored by Palo Alto and Optiv of 150 cybersecurity leaders found respondents believed zero-trust was "somewhat" to "extremely" critical in reducing their cybersecurity risk. About 46 percent touted it as their most important security practice in 2022 – ahead of any other cybersecurity project or strategy.
6. Should Enterprises Prepare for a Broader Cyberwar?
Experts warn cyberattacks will broaden as the Russian invasion and war in Ukraine grinds into the second year while Europe, the US, and other countries step up their sanctions against Russia. This is actually an opportunity for organizations to apply anti-phishing training or data center security and cybersecurity drills. They can utilize the free weekly automated vulnerability scan from CISA and its partner organizations including Microsoft, Google, IBM, Cloudflare, and Mandiant. The scan includes free phishing assessments, a remote penetration test, and other tools, services and resources.
7. How Network Encryption Works For and Against Data Center Security
What is good about network encryption can also prove disastrous for cybersecurity professionals. The same encryption used to protect people, data, and systems is also used by cybercriminals and state actors to protect their people, data, and systems. Encrypted traffic is less likely to be inspected by security teams, making malicious files harder to detect. Corporate concerns about regulations and privacy issues when inspecting traffic is also a challenge as mishandling sensitive data can create more problems.
8. Do Cybersecurity Expect More Ransomware and Denial of Service Attacks to Increase?
Distributed Denial of Service (DDoS) attacks, an effort where a target is flooded with traffic or information so that it shuts down a machine or triggers a network crash, are expected to get nastier and bigger. Why? The crime is far too lucrative for cyber criminals to give up as it costs little to launch. According to Akamai, the cost of launching a DDoS attack from dark web toolkits recently dropped by half, from $10 to $5 while ransom payments for stopping attacks or threatening not to launch them can fetch millions of dollars.
9. Why Jump Bailed Wormhole out of a $320 Million Pit
In February, Jump Crypto, a major player in all things cryptocurrency announced it would make investors whole after $320 million or 120 Ethereum went missing, exploited from a hack. Hacks aren’t new. But this was the third attack on a crypto bridge at the time, the others being Multichain and Quibit. Kanav Kariya, Jump’s president, stated on Twitter that it was important to “retain the faith from the community” with some speculating it's because they intend to reap their own cryptocurrency harvest.
10. How Hackers Breach Nvidia Data Demanding Unlimited Cryptocurrency Mining
In March, hackers breached Nvidia’s data security by taking employee credentials and proprietary information before then leaking it online. Nvidia says no malicious malware was deployed. Instead, the hackers stole data and publicly threatened the company with releasing it unless they removed limits that impeded cryptocurrency mining on a series of Nvidia graphics cards. When Nvidia declined, the information was released online.
