Data centres: The future of cyberwarfare

Data centres: The future of cyberwarfare

While cyber warfare may sound like something from a sci-fi film, it’s very much a modern-day reality. Liviu Arsene, global cybersecurity researcher at Bitdefender, outlines the dangers faced by data centres and highlights ways in which we can protect our assets.

In a world consumed by the power of data, cybersecurity is of paramount importance. As attackers become more sophisticated, they will increasingly seek to target data centres due to their importance in storing critical data, as well as the understanding that many of their predominant features can be controlled remotely. Failure to properly secure data centres, something that even large companies have issues with, places data centres at great risk of a breach

When these attacks are successful, one of the most sobering statistics is the cost to companies. Costs that span everything from detection and escalation, notification, post data breach response, and lost business. In fact, the average cost to a business in 2018, according to research sponsored by IBM and conducted by the Ponemon Institute, was $7.91 million.

What is even more alarming than the monetary cost of a data breach is the amount of data that is at risk each time; on average 25,000 records are compromised every time a cyberattack is successful.

Data centres vs cyberwarfare

So how important will data centres be during an era of cyberwarfare? As the proliferation of IoT (Internet of Things) devices continues, an increasing number of important buildings and power stations management systems and sensors will feature IoT functionality.

The encouragement of such mainstream connectivity between devices has facilitated a rapid expansion of the attack surface, the likes of which the world has never seen before. This has unfortunately introduced unprecedented numbers of attacks, ranging from Distributed Denial of Service (DDoS), buffer-overflow, memory corruption and zero-day against industrial, commercial, military, and consumer systems and devices.

As cyberwarfare becomes a more common form of conflict, cloud infrastructures will undoubtedly be targeted and used to deliver threats or compromise data. It will be more important than ever to ensure that data centres are focused on addressing threat vectors revolving around unpatched vulnerabilities and misconfigurations that can spread across private, public, or hybrid infrastructures. Even something as simple as regularly updating security software will greatly reduce the risk from cyber-attacks.

Cyberwarfare is also an extremely relevant issue given the recent tensions between states, where many cybersecurity experts have warned that the physical conflict could encourage retaliatory attacks from groups of hackers.

With large corporations and important military buildings and bases undoubtedly the target of such attacks, it is certain that cloud infrastructures will likely fall under the “collateral damages” category as attackers will either use the cloud to their advantage or compromise cloud infrastructures belonging to select targets.

Protecting data centres

There are many ways to protect data centres; the same basic rules apply with most technology, with keeping security solutions updated all at times being key. However, with the increase in stacked technologies aimed at boosting productivity, performance, and scalability, the security needed to protect them has changed.

Legacy data centres relied on reducing systems to a single dimension, whereas virtualisation and cloud infrastructures are an enabler for software defined data centres (SDDC). Securing these types of infrastructures involves a policy-based approach that intertwines security with applications, instead of applying traditional network-based security.

This requires organisations to rethink the way they store and secure their data. As a result, new, application-aware security controls are needed. Application-aware security ensures that security policies are enforced automatically across any network configuration, based on the workload’s role, and not its location within the infrastructure, as would happen with traditional infrastructures.

The most important aspect of security in these environments is ensuring that the remediation capabilities are not impacted. By fully leveraging the tight integration with hypervisors that control the hardware resources allocated to virtual workloads, new security layers that sit below the guest operating system can offer unparalleled visibility into threats. This can be particularly useful when defending against new or unknown vulnerabilities, such as those seen in cyberwarfare, that aim to compromise virtual workloads.

Coupled with visibility across all endpoints and networks, organisations relying on endpoint detection and response capabilities will have the ability to identify and plug potential data breaches before they cause permanent damages, while also having the investigative capabilities required to paint a complete picture into an attack timeline. Breaking the attack kill chain as early on during a potential data breach requires more than just security, but also visibility capabilities that help organisations during forensic investigations.

Ultimately, data centres are vital pieces of infrastructure. As such, their security, both physical and cyber, is of the utmost importance. Developing new and more efficient ways to ward off cyberwarfare and protect data centres should be a focus for companies from every sector but should also be top of the agenda for governments.