Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases in Cyberattacks in its Superfecta Report

There are always wolves at the door, and they are relentless in both their creativity and determination when it comes to getting in. This is the message that can be gleaned from a report released Tuesday October 22, by FireHost, (www.firehost.com) a provider of managed, secure cloud IaaS. Their Superfecta report highlights upticks in Cross-site Scripting (XSS) and SQL Injection activity that specifically target applications carrying sensitive information about organizations and their customers.Chart

The adoption of cloud computing, mobile applications and virtualized enterprise architectures have led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO Chris Drake. He and his team are noticing the attacks becoming more prevalent and automated, meaning that of the nearly 32 million attacks that Firehost blocked in the third quarter of 2013 alone (a 32 percent increase over Q2 2013), the increase in attempted SQL Injection and Cross-Site Scripting attacks signifies that what was once the domain of the sophisticated hacker has now become commoditized, which poses a greater risk to any businesses with hosted resources.

According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CRSF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.

Kurt Hagerman, Director of Information Security for Firehost, in speaking with CloudTweaks.com, points out that all is far from lost. What is required, he suggests, is a greater level of communication and understanding between IT and the C-suite. Investment in security, he says should stay proportional to investments made in infrastructure such as networks, but this can only happen if both sides are talking regularly. Often, he points out, a company’s IT group is left to make its own decisions, and, because of the wide range of issues a typical IT department has to handle, the requests for support that filter up to the senior levels are disjointed and lack overarching context.

All the while, the bad guys continue to insert malicious code into web pages, online forms and directory files, with the tenacity of hungry predators.

The strategy, Hagerman suggests, is to shift from “thinking IT”  to “thinking governance.” He points out how attacks to a company’s vulnerable application layer assets aren’t just about data loss. They hold the potential to destroy a brand. He highlights the famous 2007 case in which TJX Companies Inc., parent company of T.J. Maxx, Winners and HomeSense, discovered a breach of its credit card processing system in which the theft of unencrypted track-2 data compromised over 45 million credit and debit card numbers, and which resulted in a class action lawsuit. Although this case is now six years old, it highlights the fact that innovative thieves stop at nothing to discover cracks in the system, and that the hard-earned reputation of the company itself must struggle for years to right itself. Smaller companies, with shallower pockets, might never get the chance to recover.

Grossman and Hagerman suggest that the Firehost Superfecta report be seen more as a business enabler than a sky-is-falling doom-and-gloom scenario.  “The point to elevating security sophistication, they say, is to make the bad guys work harder, to a point at which it is no longer worth their time to try to break down your barricades.” Although that might seem like common sense, too many companies still underspend on security.

Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications. After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases,” said Drake.

In addition to being a deterrent to thieves, a governance approach to security also helps to head off costly fines for data breaches that may be imposed by banking regulators, healthcare/privacy authorities and many others.

Today, in many organizations, as much as $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources.  Only $1 out of $100 is invested in web application security.  This unbalanced approach does not reflect the newly emerging threat landscape,” said Drake.

In short, the reality of cyberattacks is that they are becoming more frequent and varied. Hagerman points out in just half a year, the number of blocked attacks that he has overseen has doubled. “A proactive and up-to-date defence is the reality of doing business,” he says.

Kurt Hagerman will be a featured speaker at the AKJ e-Crime and Information Security Mid-Year Conference in London, UK on October 24, 2013.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

Sorry, comments are closed for this post.

How Cloud Computing Is Changing The Retail Game

How Cloud Computing Is Changing The Retail Game

Cloud Computing Retail The retail industry is constantly evolving to meet the ever-changing needs of consumers. This transformation is influenced by e-commerce, social networking and the latest technologies. Today’s shoppers expect a connected and interactive consumer experience from start to finish. According to a report by the National Retail Federation, it is a projected that…

The True Power And Potential Of Wearables

The True Power And Potential Of Wearables

The Power of Wearables The potential of wearable computing for efficiency and innovation is enormous. For business leaders and CIOs, wearable technology represents an opportunity to find more intelligent solutions to real problems and to leverage these devices for the benefit of the organization. But before wearables can successfully realize these expectations, there remain basic…

Cloud-Enabled Managed Hosting: 5 Things A Cloud Provider Should Offer

Cloud-Enabled Managed Hosting: 5 Things A Cloud Provider Should Offer

Cloud-Enabled Managed Hosting The IT industry moves at light speed fueled by constant change and advancement. No area of IT has been affected more by this change than the hosting and managed service space. Advancement in the cloud and its delivery models of IaaS and SaaS have caused a monumental shift in the way IT…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

SaaS Freemium Models and the Hidden Cost of Free

SaaS Freemium Models and the Hidden Cost of Free

SaaS Freemium Models We’ve all been lured into sexy “try before you buy” freemium models that provide just the right amount of functionality to get you started. Yet, it’s not quite enough to complete the job. “Getting the job done” often requires stepping up to a paid or premium version that provides more functionality, capabilities…

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones From Apple, Samsung and HTC Promise To Light Up 2016

New Smartphones from Apple, Samsung and HTC (Sponsored post courtesy of Verizon Wireless) The launch of the Galaxy S7 Edge at the Mobile World Congress in Barcelona during February was the first shot in a vintage year for mobile phones. The S7 is an incredible piece of hardware, but launches from HTC and Apple later in the…

Featured Sponsored Articles
How Successful Businesses Ensure Quality Team Communication

How Successful Businesses Ensure Quality Team Communication

Quality Team Communication  (Sponsored post courtesy of Hubgets) Successful team communication and collaboration are as vital to project and overall business success as the quality of products and services an organization develops. We rely on a host of business tools to ensure appropriate customer interactions, sound product manufacturing, and smooth back-end operations. However, the interpersonal relationships…

Featured Sponsored Articles
How To Develop A Business Continuity Plan Using Internet Performance Management

How To Develop A Business Continuity Plan Using Internet Performance Management

Internet Performance Management Planning CDN Performance Series Provided By Dyn In our previous post, we laid out the problems of business continuity and Internet Performance Management in today’s online environment.  In this article, we will take a look at some of the ways you can use traffic steering capabilities to execute business continuity planning and…

Featured Sponsored Articles

CloudTweaks is recognized as one of the leading influencers in cloud computing, infosec, big data and the internet of things (IoT) information. Our goal is to continue to build our growing information portal by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Sponsor