The five security vulnerabilities of data centres
Building and operating a data centre network is a big job, but the work doesn't stop there - once it's built, you need to keep it safe. And as guardians of vital information, for society and governments as well as companies, data centres are a prime target for hackers. Where are the vulnerabilities, who targets data centres, and where does security need to improve?
While she was in the middle of investigating a recent attack in Sweden, the Datacloud team managed to grab 15 minutes with Hanna Linderstål, CEO of Earhart Business Protection Agency – here is what she had to say about cyber-security for data centres.
Hanna, how and where exactly are data centres vulnerable to cyber attack?
Data centres can be vulnerable to cyber attacks in many areas. The first of these is network parameters, which are the first line of defense against cyber-attack and can be vulnerable if they’re not properly secured. Attackers can exploit vulnerabilities in firewalls, routers and network devices to gain access to data.
The second area is web applications. Many data centres host web applications that are accessible over the Internet, so if these applications have vulnerabilities and are not properly patched, attackers can exploit them to gain access to data centre networks.
The third area is the operating systems and software used by data centres, which can also be vulnerable to cyber attacks. Attackers can exploit unknown or known vulnerabilities to gain unauthorized access or cause disruption of some kind.
You also have physical security – data centres must also be physically secure to prevent unauthorised access. Attackers can attempt to gain access to data centres by exploiting physical vulnerabilities such as weak locks or inaccurate surveillance.
Then there’s social engineering – attackers can use social engineering techniques to trick employees into giving out sensitive information or granting access to the systems network.
And finally, there are third party suppliers – data centres often rely on these suppliers for equipment and services, and they are another source of vulnerability. Attackers can exploit third party software or equipment to carry out what we call a supply chain attack – or even get a job at a third party supplier in order to gain access, which is something that has actually happened before.
Which of the above methods is the most common?
I think the most common method for hackers is to sniff around systems for known vulnerabilities to see if everything has been patched correctly. I have seen all types of attempts to gain access, but sniffing out known vulnerabilities is really crucial. The other common one is social engineering, and of course you also have DDoS attacks.
Is there a technique used by hackers that is tailored to the data centre market in particular?
No, I think the techniques used are quite like an attack on any other company. But hackers need to do a lot more research when attacking data centres, because they have a high level of security and protection compared to other companies. The data centre industry is generally aware of security threats and takes them very seriously – as processors of a large amount of data, they are prime targets for cyber-attacks, and they know the consequences if it were to happen.
What kind of security demands do clients want from their data centre partners? Has this changed over time?
Customers of data centres are now asking questions about security more frequently. How does your security work? What is your information security policy? Do you have some type of guarantee that you have a high standard of information security?
It’s a new development from the client side, because ten years ago these questions weren’t being asked – clients were just saying things like ‘We’re going to store everything in the cloud’. Now, they ask where the data will be stored, and so on, so data centres are obviously going to feel more pressure from their clients. This means they must be transparent about their security and potential data breaches – especially in the EU where attacks need to be reported pretty quickly.
Data centres also know that if they have a data breach, their brand reputation is going to go into freefall – so security is top of mind.
Are there any areas where data centres need to do better?
The most common vulnerability is the ‘human in the house’. You need to maintain a high standard of employee training about what is trending right now, what is going on in the security business, and what is happening in the hacker industry, because there are a lot of people making money from malicious acts.
The other area is third party suppliers – most companies have pretty poor control of third-party suppliers in every aspect, from the person who comes in to clean to the ventilation system suppliers. We kind of forget about these people.
What other aspects of the current threat landscape do data centres need to be aware of?
We must understand that the hacker community is no longer made up of single hackers in a basement drinking cola somewhere. It’s now a part of hybrid warfare. This means we have to be more prepared, because if you’re being targeted by a state hacking attack, you’re going to have a big problem. And if you look at the current situation in Europe, we need to take this threat very seriously.
There are a lot of well-trained state hackers doing a very nasty job, and there are a lot of cyber proxies selling services – if you look at ‘vulnerability brokers’ on the dark web, who sell knowledge of system vulnerabilities, the price of a known vulnerability has gone up. The stakes are high.
So, I believe that we have to take seriously not only the common hacker, but also hacking being used as a means of warfare. Obviously data centres that host government information will be targeted, but so will transnational brands and companies that are important for society.
Hanna will share more information on the cyber-security and hacking landscape at the Datacloud Global Congress event in Monaco.