Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases in Cyberattacks in its Superfecta Report

There are always wolves at the door, and they are relentless in both their creativity and determination when it comes to getting in. This is the message that can be gleaned from a report released Tuesday October 22, by FireHost, (www.firehost.com) a provider of managed, secure cloud IaaS. Their Superfecta report highlights upticks in Cross-site Scripting (XSS) and SQL Injection activity that specifically target applications carrying sensitive information about organizations and their customers.

ChartThe adoption of cloud computing, mobile applications and virtualized enterprise architectures have led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO Chris Drake. He and his team are noticing the attacks becoming more prevalent and automated, meaning that of the nearly 32 million attacks that Firehost blocked in the third quarter of 2013 alone (a 32 percent increase over Q2 2013), the increase in attempted SQL Injection and Cross-Site Scripting attacks signifies that what was once the domain of the sophisticated hacker has now become commoditized, which poses a greater risk to any businesses with hosted resources.

According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CRSF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.

Kurt Hagerman, Director of Information Security for Firehost, in speaking with CloudTweaks.com, points out that all is far from lost. What is required, he suggests, is a greater level of communication and understanding between IT and the C-suite. Investment in security, he says should stay proportional to investments made in infrastructure such as networks, but this can only happen if both sides are talking regularly. Often, he points out, a company’s IT group is left to make its own decisions, and, because of the wide range of issues a typical IT department has to handle, the requests for support that filter up to the senior levels are disjointed and lack overarching context.

All the while, the bad guys continue to insert malicious code into web pages, online forms and directory files, with the tenacity of hungry predators.

The strategy, Hagerman suggests, is to shift from “thinking IT”  to “thinking governance.” He points out how attacks to a company’s vulnerable application layer assets aren’t just about data loss. They hold the potential to destroy a brand. He highlights the famous 2007 case in which TJX Companies Inc., parent company of T.J. Maxx, Winners and HomeSense, discovered a breach of its credit card processing system in which the theft of unencrypted track-2 data compromised over 45 million credit and debit card numbers, and which resulted in a class action lawsuit. Although this case is now six years old, it highlights the fact that innovative thieves stop at nothing to discover cracks in the system, and that the hard-earned reputation of the company itself must struggle for years to right itself. Smaller companies, with shallower pockets, might never get the chance to recover.

Grossman and Hagerman suggest that the Firehost Superfecta report be seen more as a business enabler than a sky-is-falling doom-and-gloom scenario.  “The point to elevating security sophistication, they say, is to make the bad guys work harder, to a point at which it is no longer worth their time to try to break down your barricades.” Although that might seem like common sense, too many companies still underspend on security.

Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications. After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases,” said Drake.

In addition to being a deterrent to thieves, a governance approach to security also helps to head off costly fines for data breaches that may be imposed by banking regulators, healthcare/privacy authorities and many others.

Today, in many organizations, as much as $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources.  Only $1 out of $100 is invested in web application security.  This unbalanced approach does not reflect the newly emerging threat landscape,” said Drake.

In short, the reality of cyberattacks is that they are becoming more frequent and varied. Hagerman points out in just half a year, the number of blocked attacks that he has overseen has doubled. “A proactive and up-to-date defence is the reality of doing business,” he says.

Kurt Hagerman will be a featured speaker at the AKJ e-Crime and Information Security Mid-Year Conference in London, UK on October 24, 2013.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
View All Articles

Sorry, comments are closed for this post.

Using Cloud Technology In The Education Industry

Using Cloud Technology In The Education Industry

Education Tech and the Cloud Arguably one of society’s most important functions, teaching can still seem antiquated at times. Many schools still function similarly to how they did five or 10 years ago, which is surprising considering the amount of technical innovation we’ve seen in the past decade. Education is an industry ripe for innovation…

Your Biggest Data Security Threat Could Be….

Your Biggest Data Security Threat Could Be….

Paying Attention To Data Security Your biggest data security threat could be sitting next to you… Data security is a big concern for businesses. The repercussions of a data security breach ranges from embarrassment, to costly lawsuits and clean-up jobs – particularly when confidential client information is involved. But although more and more businesses are…

Three Factors For Choosing Your Long-term Cloud Strategy

Three Factors For Choosing Your Long-term Cloud Strategy

Choosing Your Long-term Cloud Strategy A few weeks ago I visited the global headquarters of a large multi-national company to discuss cloud strategy with the CIO. I arrived 30 minutes early and took a tour of the area where the marketing team showcased their award winning brands. I was impressed by the digital marketing strategy…

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And The Extension/Expansion Of Virtual Reality

Virtual Immersion And Virtual Reality This is a term I created (Virtual Immersion). Ah…the sweet smell of Virtual Immersion Success! Virtual Immersion© (VI) an extension/expansion of Virtual Reality to include the senses beyond visual and auditory. Years ago there was a television commercial for a bathing product called Calgon. The tagline of the commercial was Calgon…

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart Change-Induced Network Outages and Breaches

How Formal Verification Can Thwart  Breaches Formal verification is not a new concept. In a nutshell, the process uses sophisticated math to prove or disprove whether a system achieves its desired functional specifications. It is employed by organizations that build products that absolutely cannot fail. One of the reasons NASA rovers are still roaming Mars…

Ending The Great Enterprise Disconnect

Ending The Great Enterprise Disconnect

Five Requirements for Supporting a Connected Workforce It used to be that enterprises dictated how workers spent their day: stuck in a cubicle, tied to an enterprise-mandated computer, an enterprise-mandated desk phone with mysterious buttons, and perhaps an enterprise-mandated mobile phone if they traveled. All that is history. Today, a modern workforce is dictating how…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

Four Recurring Revenue Imperatives

Four Recurring Revenue Imperatives

Revenue Imperatives “Follow the money” is always a good piece of advice, but in today’s recurring revenue-driven market, “follow the customer” may be more powerful. Two recurring revenue imperatives highlight the importance of responding to, and cherishing customer interactions. Technology and competitive advantage influence the final two. If you’re part of the movement towards recurring…