Securing the Modern Data Center
The nature of cyber-attacks is evolving. Traditional cyber-crime centered on the theft of information and attacks to shut down an organization’s Internet presence. Emerging threats include cyber destruction and cyber extortion or blackmail.
The data that runs our businesses has a lot of value to criminals, particularly data about our customers. A recent study published by Dell SecureWorks pegged the value of banking credentials at 1% to 5% of the account balance, $90 for 300,000 airline points, $30 for an America Express Card, and $500 for credentials to a corporate email account. And cyber extortionists are demanding $600 to $1800 for encryption keys to unlock data held for ransom.
There are basically two primary motivations behind these crimes: criminals that steal information for profit, and hacktivists who seek to shutdown Internet sites or destroy data for ideological reasons.
Understanding the nature of the crime can help us construct appropriate defenses.
IT organizations need to adapt their security approach to address these new threats. In the past we focused on protecting ourselves from the outside world with protection technologies such as firewalls, DMZs, VPNs and access controls. However, many of today’s new threats are unleashed on the inside; disgruntled employees, malicious Internet sites, phishing, spear phishing, and whaling emails that release malware inside of IT’s perimeter defenses.
These emerging threats are rocking our organizations. Cyber criminals seem to stay a step ahead with new malware variants and encrypted viruses, while regulatory agencies are drafting new rules on how we need to protect and test our protection schemes.
At EMC World on May 2-5, I will go over the details on these emerging threats and the challenges we face in protecting against them. I invite you to join me on Monday with my colleague Azeem Aleem from RSA to our session is titled “Securing the Modern Data Center”. Later on Monday, I will be joined by Nazir Vellani from Ernst & Young for a session titled, “Ernst & Young: Isolated Recovery Solutions” where we will cover the associated regulatory, compliance, testing, and governance for an organization’s data assets.
I’ll also be patrolling the Global Solutions booth and the Core Technologies Division booth (#364). Visit the live data center and meet the experts Stefan Voss (@VossmanVoss) and Alex Almeida (@alxjalmeida) who designed the infrastructure piece of this solution. Please to stop by either location to introduce yourself, or ask more detailed questions.