Storage is an integral part of every organization’s infrastructure. Cybersecurity is a vital element of every organization’s strategy. Yet somehow the two are rarely connected, and the lack of storage security is a gap that puts businesses at risk.
When it comes to preventing hackers from accessing their data, most organizations focus their security posture on protecting the perimeter and endpoints, and on analyzing traffic and user activity trends to detect anomalies. Today’s IT managers understand that attackers can ultimately slip past even the best security protocols. This leaves storage and backup systems as the last line of defense. And attackers know it.
Through the eyes of a hacker
Look through the eyes of a hacker and you’ll see just how appealing a target storage is. You could tap into the storage or backup plane to get a copy of the Active Directory server and run it in a testbed or sandbox environment, which is probably much less rigorously controlled. Now you can launch an unmonitored VM using the copies, and break your way into production data. If the organization also uses cloud storage for offsite backup, you could try to modify the backup policy to cover data you covet in one of these offsite datasets. Since data loss prevention (DLP) tools rarely (if ever) monitor storage and backup traffic, let alone on the cloud side, the organization will probably never notice that its entire environment has been cloned.
In another scenario, you could modify the configuration of an insufficiently secured storage system to map the disks of critical databases or applications to servers you control. Now the data is simultaneously visible to both the original production servers and yours, and you can use the unguarded path you just created to edit production data without tripping any wires. For those wondering how and why: storage I/O (which often uses non-IP protocols) is almost never monitored, and threat detection tools generally rely on software agents deployed on production servers (which, of course, you took care not to deploy on yours).
Not motivated by money? If you are a hacktivist or executing a nation-state attack that seeks to cripple a major bank or utility provider, you will want to eliminate any chance of recovery by wiping all stored data. In addition to destroying snapshots, shadow copies and even the backup systems that protect storage devices, you can also perform denial-of-service (DoS) attacks on storage networks and storage arrays. The latter is particularly devastating because a single overloaded array can immediately cripple thousands of servers, and an overloaded SAN can bring down the entire production environment at once.
Yes, these are highly destructive scenarios, but they are also plausible when security is not monitored. We saw 10,000 data center attacks in a single week. Considering the number of companies paying ransoms, it is clear that the attacks are successful, which tells us these companies are not adequately secured.