Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases in Cyberattacks in its Superfecta Report

There are always wolves at the door, and they are relentless in both their creativity and determination when it comes to getting in. This is the message that can be gleaned from a report released Tuesday October 22, by FireHost, (www.firehost.com) a provider of managed, secure cloud IaaS. Their Superfecta report highlights upticks in Cross-site Scripting (XSS) and SQL Injection activity that specifically target applications carrying sensitive information about organizations and their customers.

ChartThe adoption of cloud computing, mobile applications and virtualized enterprise architectures have led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO Chris Drake. He and his team are noticing the attacks becoming more prevalent and automated, meaning that of the nearly 32 million attacks that Firehost blocked in the third quarter of 2013 alone (a 32 percent increase over Q2 2013), the increase in attempted SQL Injection and Cross-Site Scripting attacks signifies that what was once the domain of the sophisticated hacker has now become commoditized, which poses a greater risk to any businesses with hosted resources.

According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CRSF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.

Kurt Hagerman, Director of Information Security for Firehost, in speaking with CloudTweaks.com, points out that all is far from lost. What is required, he suggests, is a greater level of communication and understanding between IT and the C-suite. Investment in security, he says should stay proportional to investments made in infrastructure such as networks, but this can only happen if both sides are talking regularly. Often, he points out, a company’s IT group is left to make its own decisions, and, because of the wide range of issues a typical IT department has to handle, the requests for support that filter up to the senior levels are disjointed and lack overarching context.

All the while, the bad guys continue to insert malicious code into web pages, online forms and directory files, with the tenacity of hungry predators.

The strategy, Hagerman suggests, is to shift from “thinking IT”  to “thinking governance.” He points out how attacks to a company’s vulnerable application layer assets aren’t just about data loss. They hold the potential to destroy a brand. He highlights the famous 2007 case in which TJX Companies Inc., parent company of T.J. Maxx, Winners and HomeSense, discovered a breach of its credit card processing system in which the theft of unencrypted track-2 data compromised over 45 million credit and debit card numbers, and which resulted in a class action lawsuit. Although this case is now six years old, it highlights the fact that innovative thieves stop at nothing to discover cracks in the system, and that the hard-earned reputation of the company itself must struggle for years to right itself. Smaller companies, with shallower pockets, might never get the chance to recover.

Grossman and Hagerman suggest that the Firehost Superfecta report be seen more as a business enabler than a sky-is-falling doom-and-gloom scenario.  “The point to elevating security sophistication, they say, is to make the bad guys work harder, to a point at which it is no longer worth their time to try to break down your barricades.” Although that might seem like common sense, too many companies still underspend on security.

Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications. After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases,” said Drake.

In addition to being a deterrent to thieves, a governance approach to security also helps to head off costly fines for data breaches that may be imposed by banking regulators, healthcare/privacy authorities and many others.

Today, in many organizations, as much as $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources.  Only $1 out of $100 is invested in web application security.  This unbalanced approach does not reflect the newly emerging threat landscape,” said Drake.

In short, the reality of cyberattacks is that they are becoming more frequent and varied. Hagerman points out in just half a year, the number of blocked attacks that he has overseen has doubled. “A proactive and up-to-date defence is the reality of doing business,” he says.

Kurt Hagerman will be a featured speaker at the AKJ e-Crime and Information Security Mid-Year Conference in London, UK on October 24, 2013.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

View Website
View All Articles

Sorry, comments are closed for this post.

Comics
Three Tips To Simplify Governance, Risk and Compliance

Three Tips To Simplify Governance, Risk and Compliance

Governance, Risk and Compliance Businesses are under pressure to deliver against a backdrop of evolving regulations and security threats. In the face of such challenges they strive to perform better, be leaner, cut costs and be more efficient. Effective governance, risk and compliance (GRC) can help preserve the business’ corporate integrity and protect the brand,…

Lavabit, Edward Snowden and the Legal Battle For Privacy

Lavabit, Edward Snowden and the Legal Battle For Privacy

The Legal Battle For Privacy In early June 2013, Edward Snowden made headlines around the world when he leaked information about the National Security Agency (NSA) collecting the phone records of tens of millions of Americans. It was a dramatic story. Snowden flew to Hong Kong and then Russia to avoid deportation to the US,…

Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 – Previewing The Year Ahead

Digital Identity Trends 2017 The lack of security of the Internet of Things captured public attention this year as massive distributed denial of service attacks took down much of the internet. The culprits? Unsecured connected devices that were easily accessed and manipulated to do the bidding of shadowy hackers. When you can’t access Netflix anymore,…

Adopting A Cohesive GRC Mindset For Cloud Security

Adopting A Cohesive GRC Mindset For Cloud Security

Cloud Security Mindset Businesses are becoming wise to the compelling benefits of cloud computing. When adopting cloud, they need a high level of confidence in how it will be risk-managed and controlled, to preserve the security of their information and integrity of their operations. Cloud implementation is sometimes built up over time in a business,…

Cyber Security: McAfee on IoT Threats and Autonomous Cars

Cyber Security: McAfee on IoT Threats and Autonomous Cars

IoT Threats and Autonomous Cars Autonomous cars are just around the corner, there have been controversies surrounding their safety, and a few doubts still hang in the minds of people who don’t like the idea of a computer driving their car. However, the biggest news stories surrounding this topic have been to do with how…

How To Overcome Data Insecurity In The Cloud

How To Overcome Data Insecurity In The Cloud

Data Insecurity In The Cloud Today’s escalating attacks, vulnerabilities, breaches, and losses have cut deeply across organizations and captured the attention of, regulators, investors and most importantly customers. In many cases such incidents have completely eroded customer trust in a company, its services and its employees. The challenge of ensuring data security is far more…

The Key To Improving Business Lies In Eye-Interaction Tech

The Key To Improving Business Lies In Eye-Interaction Tech

Eye-Interaction Technology Analysts at Goldman Sachs predict virtual reality revenue will surpass TV within the next decade. More than just some gaming fad, VR represents a whole new way for organizations to train, research, and explore vast amounts of data. Despite its popularity, however, VR is still not in the hands of the majority, and…

5 Things To Consider About Your Next Enterprise Sharing Solution

5 Things To Consider About Your Next Enterprise Sharing Solution

Enterprise File Sharing Solution Businesses have varying file sharing needs. Large, multi-regional businesses need to synchronize folders across a large number of sites, whereas small businesses may only need to support a handful of users in a single site. Construction or advertising firms require sharing and collaboration with very large (several Gigabytes) files. Financial services…

The Future Of Cloud Storage And Sharing…

The Future Of Cloud Storage And Sharing…

Box.net, Amazon Cloud Drive The online (or cloud) storage business has always been a really interesting industry. When we started Box in 2005, it was a somewhat untouchable category of technology, perceived to be a commodity service with low margins and little consumer willingness to pay. All three of these factors remain today, but with…