Could your outdated data centre infrastructure survive a cyber attack?

Date: 04 August 2017 Author: Richard Johnson

With business security professionals less confident in their defences than ever before, data centre modernisation is becoming far more than a nice-to-have. It’s the cyber equivalent of a line drawn in the sand. The only hope enterprises have of defending IT systems against their number one nemesis: cyber threats. Could your data centre infrastructure stand up to cyber attack?

Ageing data centre infrastructure significantly increases your risk

Cyber attackers are increasingly making use of professionally designed, architected and scaled architectures in their malicious efforts to steal data and intellectual property, and extort money from victims. This threat grows by the week in frequency and sophistication and must be met with an equally robust response, which begins with updating outdated data centre infrastructure.

Organisations around the world are scrambling to audit and update data centre infrastructure following high-profile cyber attacks like the ransomware attacks on the NHS. The NHS has now set aside £1.9bn aside for UK cyber protection after repeated warnings to do more to protect itself.

Cyber attacks on data centres are increasingly affecting a range of industries on a regular basis the world over and the threat scenario changes by the hour. The reality is that it is no longer possible for IT security specialists to be in complete control of their organisations’ cyber security without making the modernisation of outdated data centre infrastructure a business priority.

Weaker defences place SMEs at increasing risk

Cyber attacks are increasingly aimed at SMEs that typically have fewer cyber security measures in place than big businesses. Despite the average cost of an attack ranging between £65,000 and £115,000, only nine percent of UK SMEs have cyber threat insurance. What is truly frightening is that 74 percent of SMEs believe they do not need cyber security cover.

If three-quarters of SMEs fail to understand the financial implications to their businesses of the present day cyber threats, then it’s likely that many enterprises are failing to devote the resources necessary to keep data centre infrastructuresafe on the frontlines of the fight against cyber threats. This could be because they lack the resources to hire the sort of highly-skilled IT teams required to drive data centre restructuring and maintenance.

But with cyber attacks growing in frequency and sophistication, doing nothing is no longer an option for SMEs, and if necessary they must outsource their data centre requirements to companies who have made it their business to offer best practice data centre solutions that allow SMEs to scale their data centre and support technologies for protection of their data and IT functions.

Data centre infrastructure

Types of data centre security attacks and responses:

  • DDoS attacks: multiple compromised systems, often infected with a Trojan, used to target a single system causing a Denial of Service (DoS) attack are accounting for 50 million attacks every year. Data centre upgrades must ensure they have ironclad defences in place against DDoS threats.
  • Web application attacks: website widgets and improper coding increase the data centre’s risk of falling foul to hackers who gain access to databases to churn sensitive data and sell it on. Data centre security protocols must include measures to proactively block web attacks and ‘virtually patch’ vulnerabilities.
  • DNS Infrastructure vulnerability: despite the Domain Name System (DNS) being mission-critical to every organisation, it remains a vulnerable component of data centre network infrastructure that is often inadequately protected by traditional security solutions. By creating a well-designed DNS infrastructure that restricts access only to those who need the service, DNS servers can be converted from points of weakness to an important part of an organisation’s defence against cyber threats.
  • SSL encryption vulnerabilities: a security researcher recently discovered a flaw that could make it possible for unauthenticated attackers to retrieve other people’s SSL certificates, including public and private keys, and reissue or revoke those certificates. Sound data centre infrastructure should include robust endpoint security solutions to inspect traffic after it has been decrypted by the workstation. Traffic inbound to your organisation's servers and traffic initiated by clients on your corporate network to the internet can be decrypted by network-based security tools and inspected by your entire suite of network security gear.
  • Brute force attacks: typically target the login page of a website using millions of username and password combinations until they find a valid one. Organisations can minimise vulnerability to attacks by avoiding revealing critical information in error messages, putting in place request throttling, and properly enforcing account lockout and password complexity.
  • Employees: too often an organisation’s vulnerability to the actions of its own employees is ignored with disastrous consequences. Yes, there are those employees who will access and steal critical company data, but often it’s a case of an employee making an IT mistake that leaves servers open to attack. Vigilance of employees who have access to critical systems, and educating employees about why it is critical to document all IT changes, can avert cyber disaster.
  • Application Delivery Controllers (ADCs) for defence: every organisation’s cyber defence strategy should place ADCs at the heart of data centre infrastructure to block attacks, prohibit unauthorised access to applications, and for intercepting and examining encrypted traffic.

Data centre infrastructure with an eye on security and the future

It’s never been a more exciting time to be an IT professional—never have the gains of technology for businesses been more rewarding or the potential risks so damaging. When it comes to the creation, upgrading and maintenance of data centre infrastructure, it is important to know your environment, to be prepared to keep evolving your security practices and building confidence around your incident response procedures.

Sometimes we all need a little help making the right decisions and Data Centre Outsourcing companies have invested considerable time, money and expertise in building secure data centres. See how Camworth can help you implement optimal data centre infrastructure efficiency that will meet the challenges of the future.

Guide to cyber security