The past year seemed filled with sobering trends or warning signs for data center security providers, including news that cyberattackers were bypassing multi-factor authentication (MFA) security measures and that the National Institute of Standards and Technology (NIST) announced the winner of the six-year competition to create quantum-safe algorithms.
Our top 10 data center security review looks at the Wormhole hack, stolen data, the vulnerability of data centers’ physical security, and preparing for potential breaches.
An Aqua Security survey of 100 CISOs at Fortune 500 companies found 78 percent preferred open source security software tools since they offer the best and most recent innovation and allow for a more thorough examination of the software’s vulnerabilities. Vendors and experts who’ve built a business around deploying, maintaining, and servicing open source tools are especially useful.
A worldwide shortage of cybersecurity professionals makes it harder to spot malicious software. This makes artificial intelligence (AI) and machine learning (ML) programs more compelling. They identify malware based on characteristics instead of signatures and are especially adept at identifying zero-day malware, prioritizing threats, and providing automated actions.
Attackers know data centers place faith in security strategies that rely on legacy multi-factor authentication (MFA). Google, Apple, and Microsoft are shifting to a common passwordless sign-on to eliminate the use of MFA security. It’s backed by the FIDO Alliance and the World Wide Web Consortium, which sounds like a doomsday cult but has been working with hundreds of tech companies to protect consumers.
Disruption often starts with the destruction of an actual building housing information. Data center cybersecurity teams tend to focus on securing the networks, servers, and other technology infrastructure to prevent disruptions and outages.
Zero-trust, the security application where all users in and out of an organization’s network need to be authenticated and validated before being given access, is becoming the way of the world. A survey sponsored by Palo Alto and Optiv of 150 cybersecurity leaders found respondents believed zero-trust was "somewhat" to "extremely" critical in reducing their cybersecurity risk. About 46 percent touted it as their most important security practice in 2022 – ahead of any other cybersecurity project or strategy.
Experts warn cyberattacks will broaden as the Russian invasion and war in Ukraine grind into the second year while Europe, the US, and other countries step up their sanctions against Russia. This is actually an opportunity for organizations to apply anti-phishing training or data center security and cybersecurity drills. They can utilize the free weekly automated vulnerability scan from CISA and its partner organizations including Microsoft, Google, IBM, Cloudflare, and Mandiant. The scan includes free phishing assessments, a remote penetration test, and other tools, services, and resources.
What is good about network encryption can also prove disastrous for cybersecurity professionals. The same encryption used to protect people, data, and systems is also used by cybercriminals and state actors to protect their people, data, and systems. Encrypted traffic is less likely to be inspected by security teams, making malicious files harder to detect. Corporate concerns about regulations and privacy issues when inspecting traffic are also a challenge, as mishandling sensitive data can create more problems.
Distributed Denial of Service (DDoS) attacks, an effort where a target is flooded with traffic or information so that it shuts down a machine or triggers a network crash, are expected to get nastier and bigger. Why? The crime is far too lucrative for cybercriminals to give up, as it costs little to launch. According to Akamai, the cost of launching a DDoS attack from dark web toolkits recently dropped by half, from $10 to $5, while ransom payments for stopping attacks or threatening not to launch them can fetch millions of dollars.
In February, Jump Crypto, a major player in all things cryptocurrency, announced it would make investors whole after $320 million or 120 Ethereum went missing in a hack. Hacks aren’t new. But this was the third attack on a crypto bridge at the time, the others being Multichain and Qubit. Kanav Kariya, Jump’s president, stated on Twitter that it was important to “retain the faith from the community,” with some speculating it's because they intend to reap their own cryptocurrency harvest.
In March, hackers breached Nvidia’s data security, taking employee credentials and proprietary information and then leaking it online. Nvidia says no malware was deployed. Instead, the hackers stole data and publicly threatened to release it unless the company removed limits that impeded cryptocurrency mining on a series of Nvidia graphics cards. When Nvidia declined, the information was released online.