Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases In Cyberattacks In Its Superfecta Report

Firehost Reveals Increases in Cyberattacks in its Superfecta Report

There are always wolves at the door, and they are relentless in both their creativity and determination when it comes to getting in. This is the message that can be gleaned from a report released Tuesday October 22, by FireHost, (www.firehost.com) a provider of managed, secure cloud IaaS. Their Superfecta report highlights upticks in Cross-site Scripting (XSS) and SQL Injection activity that specifically target applications carrying sensitive information about organizations and their customers.Chart

The adoption of cloud computing, mobile applications and virtualized enterprise architectures have led to an expansion of applications that are connected to Internet resources,” explained FireHost founder and CEO Chris Drake. He and his team are noticing the attacks becoming more prevalent and automated, meaning that of the nearly 32 million attacks that Firehost blocked in the third quarter of 2013 alone (a 32 percent increase over Q2 2013), the increase in attempted SQL Injection and Cross-Site Scripting attacks signifies that what was once the domain of the sophisticated hacker has now become commoditized, which poses a greater risk to any businesses with hosted resources.

According to Jeremiah Grossman, founder and CTO of WhiteHat Security, the hacker community is becoming particularly creative in combining and integrating CRSF, XSS and Directory Traversal attacks to inject code that is designed to penetrate databases that underpin many mission-critical, web-based applications.

Kurt Hagerman, Director of Information Security for Firehost, in speaking with CloudTweaks.com, points out that all is far from lost. What is required, he suggests, is a greater level of communication and understanding between IT and the C-suite. Investment in security, he says should stay proportional to investments made in infrastructure such as networks, but this can only happen if both sides are talking regularly. Often, he points out, a company’s IT group is left to make its own decisions, and, because of the wide range of issues a typical IT department has to handle, the requests for support that filter up to the senior levels are disjointed and lack overarching context.

All the while, the bad guys continue to insert malicious code into web pages, online forms and directory files, with the tenacity of hungry predators.

The strategy, Hagerman suggests, is to shift from “thinking IT”  to “thinking governance.” He points out how attacks to a company’s vulnerable application layer assets aren’t just about data loss. They hold the potential to destroy a brand. He highlights the famous 2007 case in which TJX Companies Inc., parent company of T.J. Maxx, Winners and HomeSense, discovered a breach of its credit card processing system in which the theft of unencrypted track-2 data compromised over 45 million credit and debit card numbers, and which resulted in a class action lawsuit. Although this case is now six years old, it highlights the fact that innovative thieves stop at nothing to discover cracks in the system, and that the hard-earned reputation of the company itself must struggle for years to right itself. Smaller companies, with shallower pockets, might never get the chance to recover.

Grossman and Hagerman suggest that the Firehost Superfecta report be seen more as a business enabler than a sky-is-falling doom-and-gloom scenario.  “The point to elevating security sophistication, they say, is to make the bad guys work harder, to a point at which it is no longer worth their time to try to break down your barricades.” Although that might seem like common sense, too many companies still underspend on security.

Traditionally, we see the lion’s share of technology budget being spent on creating or obtaining applications. After that, infrastructure and hosting solutions receive the most financial attention. Investments in security and preventative measures come in last in most cases,” said Drake.

In addition to being a deterrent to thieves, a governance approach to security also helps to head off costly fines for data breaches that may be imposed by banking regulators, healthcare/privacy authorities and many others.

Today, in many organizations, as much as $1 out of every $10 invested in enterprise infrastructure technology is allocated to protect network resources.  Only $1 out of $100 is invested in web application security.  This unbalanced approach does not reflect the newly emerging threat landscape,” said Drake.

In short, the reality of cyberattacks is that they are becoming more frequent and varied. Hagerman points out in just half a year, the number of blocked attacks that he has overseen has doubled. “A proactive and up-to-date defence is the reality of doing business,” he says.

Kurt Hagerman will be a featured speaker at the AKJ e-Crime and Information Security Mid-Year Conference in London, UK on October 24, 2013.

By Steve Prentice

About Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.

Find out more
View All Articles

Sorry, comments are closed for this post.

Comic
Investing In The Future With The Introduction of Sage Cloud

Investing In The Future With The Introduction of Sage Cloud

CHICAGO, IL–(Marketwired – Jul 26, 2016) – Sage, a market leader in cloud accounting software, announced today at Sage Summit 2016 its strong commitment to future technologies, with a focus on new and existing partnerships that power business growth. Revealed during CEO Stephen Kelly’s keynote address, which opened the world’s largest gathering of entrepreneurs and…

2016 Tour de France: Racing With Big Data

2016 Tour de France: Racing With Big Data

2016 Tour de France The 2016 Tour de France has just concluded, with Chris Froome (SKY) taking his third overall win. Not the kind of event we often focus on here at CloudTweaks, but Dimension Data has put its analytics technology to use tracking the journeys of each rider across all 21 stages, and their…

Ransomware: A Digital Pandemic – Is There A Cure?

Ransomware: A Digital Pandemic – Is There A Cure?

The Rise Of Ransomware You can imagine the scene: you’ve just completed that business plan and a set of accounts. Finally, it’s done and saved, ready for a final read through and to be sent out to your contact list. And right when you’re ready to click “Send”, the next thing you see on the…

Martech In A Content Crazed World

Martech In A Content Crazed World

Content Crazed World Everywhere you look there are pop-up ads and offers, at times it can feel like overload. What used to be a few online ads on websites has now grown into a wild world of offers that consume your every device. These advancements in marketing technology can not only be overwhelming to the…

Hubgets – Advanced Collaboration, Enriched Communication

Hubgets – Advanced Collaboration, Enriched Communication

Advanced Collaboration Tool Sponsored series provided in collaboration with Hubgets Collaboration tools have advanced leaps and bounds with the advent of cloud technology, and the services available are only getting better. Promising features such as sophisticated group communication, productive management of tasks and meetings, and the ultimate dream, working remotely from some gorgeous island destination, innovative collaboration…

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Despite Record Breaches, Secure Third Party Access Still Not An IT Priority

Secure Third Party Access Still Not An IT Priority Research has revealed that third parties cause 63 percent of all data breaches. From HVAC contractors, to IT consultants, to supply chain analysts and beyond, the threats posed by third parties are real and growing. Deloitte, in its Global Survey 2016 of third party risk, reported…

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

Choosing IaaS or a Cloud-Enabled Managed Hosting Provider?

There is a Difference – So Stop Comparing We are all familiar with the old saying “That’s like comparing apples to oranges” and though we learned this lesson during our early years we somehow seem to discount this idiom when discussing the Cloud. Specifically, IT buyers often feel justified when comparing the cost of a…

Are CEO’s Missing Out On Big Data’s Big Picture?

Are CEO’s Missing Out On Big Data’s Big Picture?

Big Data’s Big Picture Big data allows marketing and production strategists to see where their efforts are succeeding and where they need some work. With big data analytics, every move you make for your company can be backed by data and analytics. While every business venture involves some level of risk, with big data, that risk…

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Has Arrived

Multi-Cloud Integration Speed, flexibility, and innovation require multiple cloud services As businesses seek new paths to innovation, racing to market with new features and products, cloud services continue to grow in popularity. According to Gartner, 88% of total compute will be cloud-based by 2020, leaving just 12% on premise. Flexibility remains a key consideration, and…

Protecting Devices From Data Breach: Identity of Things (IDoT)

Protecting Devices From Data Breach: Identity of Things (IDoT)

How to Identify and Authenticate in the Expanding IoT Ecosystem It is a necessity to protect IoT devices and their associated data. As the IoT ecosystem continues to expand, the need to create an identity to newly-connected things is becoming increasingly crucial. These ‘things’ can include anything from basic sensors and gateways to industrial controls…

The Internet of Things – Redefining The Digital World As We Know It

The Internet of Things – Redefining The Digital World As We Know It

Redefining The Digital World According to Internet World Stats (June 30th, 2015), no fewer than 3.2 billion people across the world now use the internet in one way or another. This means an incredible amount of data sharing through the utilization of API’s, Cloud platforms and inevitably the world of connected Things. The Internet of Things is a…

The Big Data Movement Gets Bigger

The Big Data Movement Gets Bigger

The Big Data Movement In recent years, Big Data and Cloud relations have been growing steadily. And while there have been many questions raised around how best to use the information being gathered, there is no question that there is a real future between the two. The growing importance of Big Data Scientists and the…

Explosive Growth Of Data-Driven Marketing

Explosive Growth Of Data-Driven Marketing

Data-Driven Marketing There is an absolute endless amount of data that is being accumulated, dissected, analyzed with the important bits extracted and used for a number of purposes. With the amount of data in the world has already reached into multiple zettabytes annually. A Zettabyte is one million petabytes or one thousand exabytes. With data…

Cloud Infographic – What Is The Internet of Things?

Cloud Infographic – What Is The Internet of Things?

What Is The Internet of Things? “We’re still in the first minutes of the first day of the Internet revolution.”  – Scott Cook The Internet of Things (IOT) and Smart Systems are based on the notions of Sensors, Connectivity, People and Processes. We are creating a new world to view and measure anything around us through…

Cloud Infographic – Big Data Predictions By 2023

Cloud Infographic – Big Data Predictions By 2023

Big Data Predictions By 2023 Everything we do online from social networking to e-commerce purchases, chatting, and even simple browsing yields tons of data that certain organizations collect and poll together with other partner organizations. The results are massive volumes of data, hence the name “Big Data”. This includes personal and behavioral profiles that are stored, managed, and…