
Security in the age of spearphishing

Spearphishing attacks, and specifically those that come via social media and e-mail, are keeping data centre managers on their toes, says Neotel.

Johannesburg, 01 Aug 2016
Andre Schoeman, senior product manager: data centre security at Neotel.

Spearphishing attacks, and specifically those that come via social media and e-mail, are becoming more prevalent and keeping data centre managers on their toes, says Andre Schoeman, senior product manager: data centre security at Neotel.

Schoeman says social media has lent impetus to the growing trend of targeting specific individuals in business, and the information to which they have access.

It works like this: the social media pages of individuals with high levels of access to corporate data (such as C-suite and top management) are scoured for information to use in the attacks. Once the attackers identify a person's hobby (for instance deep sea angling), they send the target an e-mail relevant to deep sea angling (for instance an e-mail with a link to a Web page about different deep sea fish species). The target follows what looks like a legitimate link, which does display deep sea fish, but also plants malware on their device. The malware mines their system for data and security is compromised in the process.

This brings to the fore the need to "not take the candy approach to security in the data centre" - a hard outer shell (the firewall), with a chewy inside (unfettered access once inside the firewall), says Schoeman.

"We can't take away the target's love of deep sea angling, their smartphone, or their Facebook page, but we can limit the effect of what the target clicks on and the vulnerabilities to which they are exposed. We've created a product suite that actually monitors the things that people click on in e-mail or browsers and scrubs the content, looking for malicious code or code that will harm the user. In this way, even if the spearphishing works, it is limited in its danger. And we actively block, we do not just alert people to the danger."

These solutions form part of Neotel's services at its two data centres in South Africa, one in Cape Town and one in Johannesburg, backed up by the 42 global data centres run by parent company Tata Communications.

"We have a wide range of customers who benefit from our solutions - from small businesses right through to the biggest organisations in SA, retail banks and government departments. The value proposition of our approach to data centres has struck a chord with a wide variety of people and is not segregated to a specific segment."


On the question of how safe the cloud and data centres are, generally, Schoeman shoots from the hip: "It depends on who made it [the cloud or data centre], and with what intent it was made. Think of a cloud service as a motor car. Every car and every model takes you from home to work, but one car will guarantee you 500km without anything breaking down, while another will do it fast but might break down halfway through. In the same way, the intent of every cloud service determines where emphasis was placed in its design."

He warns that not all data centres are created equal, particularly when it comes to cloud services. IT people tend to take for granted that the hypervisor will take care of security, but the rigour with which the hypervisor is implemented affects the overall security of the solution.

"In most cases, the hypervisor will ensure that a vulnerability in Person A will not affect Person B on the server level. However, if they are on the same LAN segment, once Person A is compromised and that server becomes the target of a DDoS attack, Person B on the LAN segment will be affected. You have to look at the multiple levels at which an attack can take place, and look at each level carefully, to create inherent security. That's why our data centre was designed with security as the main focus - the brief was for the data centre to be intrinsically secured."

He warns that companies that keep their servers onsite at their own offices should not forget about the very basic issue of physical security.

"The main loss of that machine is not the physical tin, which their insurance will replace for them, but the data that sits on the tin, and the POPI liability of the personal information that sat on the server. If somebody steals the physical server and sells the data on it, not only have you lost your records of how much Mrs Smith owes the dentist, but also compromised the privacy of the patient," Schoeman says.

One of the main advantages of using a data centre, he says, is the ability to limit access to servers, both physically and electronically. "Irrespective of whether your servers are inside a data centre or in your offices, you will be protecting them through the non-negotiables like firewalls, intrusion protection, content scanning, and the like. But using data centres means you can centralise your security access points to a certain area only, which brings significant value and reduces the complexity. As a result of their higher reliability, data centres can get away with having only one entry point, because the centralisation brings a reduction in complexity. The key thing is to ensure the distinct segregation between customers, and giving each customer only one door to the outside."

In the process, companies gain better levels of compliance with the King Report, the ECT Act and the Protection of Personal Information Act (POPI Act), all of which Schoeman believes are merely consolidated and clarified in the Cybercrimes Bill. "From our point of view, it is a good thing to have the security posture of SA's data and intellectual property nicely articulated in a bill. It also places emphasis on international cooperation around cyber attacks and spearphishing, which should help curb the threat," he concludes.
