Intelligent CIO APAC Issue 34 - Page 55

For example, an attack on a data center’s HVAC system could compromise the ability of a data center to cool its servers. Without cooling, the data center has to power down its equipment to avoid a greater catastrophe. This recently happened in our region at the beginning of the year. It wasn’t a cyberattack but we saw how issues with HVAC brought important business operations down across the region. To conclude, cyberattacks can cause significant business interruption, disruption and lost revenues.
What are the possible ways in which hackers can gain access to data center login credentials?
Data centers offer a lucrative opportunity for attackers to launch supply chain attacks. By compromising a data center, they have the ability to backdoor into major companies and even cloud service providers.
Data center operators have a variety of portals that are accessed by their customers, their administrators, their third-party contractors and so forth. Each portal presents an avenue for credential attacks. There are a variety of ways credentials can be attacked. If these portals have single-factor authentication, then they are highly susceptible to brute force and dictionary attacks. Weak endpoints can be compromised through phishing attacks. If 2FA is used, the level of protection is much higher. However, there are attacks targeting 2FA such as SIM swapping and man-in-the-middle attacks.
How can data center operators protect themselves from such attacks?
Basic security hygiene enhancements such as automated vulnerability/patch management, strong password enforcement and Two-Factor Authentication (2FA) and adding security checks early in a software development or DevOps life cycle contribute to raising the security posture in the long run and making it challenging for attackers.
Specific to credential attacks, the use of hardware cryptographic tokens like FIDO2 would greatly limit the attack surfaces. However, these tokens create ease-of-use issues and should be used only for consequential access. Another form of defense can be to execute the Zero Trust principle of continuous validation on privileged access. Deploy access monitoring capabilities that will actively detect anomalies in usage and access patterns.
Data centers are also becoming increasingly open to having partnerships with business partners, distributors, customers, contractors and vendors, exposing themselves to potentially vulnerable third parties and introducing their security vulnerabilities. Security must be enforced at multiple points to follow workloads everywhere – on the perimeter, network fabric and host. Implementing best practices will help better protect dynamic data and application workloads. Protecting core applications and sensitive data requires cloud-centric, cloud-delivered security agility to converge with Zero Trust Enterprise Architecture principles. By leveraging automation to reduce engineering and delivering consistent security, data center operators can implement Zero Trust to secure their applications, users and devices.
Ian Lim, Field Chief Security Officer, Asia Pacific, Palo Alto Networks