Data Centers in Asia Targeted By Hackers

Vice President and Regional Chief Security Officer, Asia Pacific & Japan, Palo Alto Networks

As the demand for data centre services in Asia continues to rise, the risks of cyber attacks have become a major concern. Recent reports indicate that hackers have started selling login credentials for some of the largest Asian data centre operators, posing a threat to some of the world’s biggest businesses that use these data centres. Such incidents can have disastrous consequences for any data centre player, making it important to explore the topic with cybersecurity experts.

CIO World Asia spoke with Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific & Japan, Palo Alto Networks, about the possible repercussions of cybersecurity incidents on data centre players in the region.

Possible Repercussions of Cybersecurity Incidents on Data Centre Players in the Region

According to a recent report, by 2025 the APAC region is expected to generate 6,000 terabytes of data per second. Analysing such a volume of data and deriving customer insights from it depends on digital infrastructure, and on data centres in particular. Data centre operators are adopting technologies such as IoT and automation to improve efficiency and to meet customers' demand for ubiquitous access. However, every new connected system and management interface also widens the attack surface, which makes the data centre harder to secure.

Data centres store vast amounts of confidential, personal, and financial information about their customers, stakeholders, and employees. Cybercriminals can exploit that information, and the businesses affected pay a considerable sum to investigate and remediate the breach. Data centres are lucrative targets for both cybercriminals and state-sponsored actors, and in some cases the goal of an attack is not only to steal data but to destroy it.

A cybersecurity breach of data center providers can have severe consequences that can affect major cloud service providers and their customers who use their services. Such an attack can interfere with critical information infrastructure, ultimately impacting our digital society’s very foundation.

The Security Posture of Data Centre Operators in Asia

Although cloud platforms and the data centres that host them are designed with reliability, security, and redundancy, cybersecurity incidents remain a persistent threat, including in Asia.

The security standards for data centres vary depending on the type of data centre your business uses. For instance, if your business uses a third-party cloud service provider for data management and storage, you would likely use a public cloud data centre. It is crucial to research your service provider’s security standards and ensure that they meet or exceed industry standards and certifications. Physical security threats to data centres can be equally damaging, so businesses must ensure that data centres are committed to securing their physical network infrastructure.

The Impact of Cyber-Attacks on Data Centre Operations

Data centre outages can result in significant financial losses, as per the Uptime Institute Global Survey of IT and Data Centre Managers 2020, which reported that four out of ten outages cost between US$100,000 and US$1 million, and about one in six costs over US$1 million.

A cybersecurity breach in data centres can halt operations, leading to severe financial losses and causing harm to workers, equipment, and the environment. Such attacks can result in irreparable damage, such as the destruction of data and much more.

For instance, an attack on a data centre's HVAC system can compromise its ability to cool its servers. Without proper cooling, the data centre has to shut down equipment to avoid a more significant disaster. A recent incident in the region showed how an HVAC failure brought important business operations down, even though it was not a cyber attack; an attacker who reaches the building management network can produce the same outcome deliberately. In short, cyber attacks can cause significant business interruption, disruption, and lost revenue.

Methods Employed by Hackers to Acquire Data Centre Login Credentials

Hackers often view data centres as a valuable target for launching supply chain attacks because compromising a data centre provides them access to major companies and cloud service providers. Data centre operators have multiple portals for their customers, administrators, and third-party contractors to access, each of which can be a potential target for credential attacks.

Credential attacks can occur in various ways. Portals that rely on single-factor authentication are highly susceptible to brute force and dictionary attacks, and credentials for weakly protected endpoints are also harvested through phishing. Two-factor authentication (2FA) significantly raises the level of protection, but it is not uniformly strong: SMS-delivered codes can be intercepted through SIM swapping, and any one-time code typed by the user can be relayed in real time by a man-in-the-middle (adversary-in-the-middle) phishing proxy. Only phishing-resistant methods that bind the authentication to the legitimate origin, such as FIDO2 security keys, close off that relay path.

Protecting Data Centre Operators Against Credential Attacks

To improve their security posture and make it difficult for attackers to compromise their systems, data centre operators can implement basic security measures such as automated vulnerability/patch management, strong password enforcement, and two-factor authentication. Additionally, implementing security checks early in the software development or DevOps lifecycle can enhance security in the long run.

When it comes to credential attacks, hardware security keys implementing FIDO2 remove the password and the relayable one-time code from the attack surface. These keys can add friction for users, so operators may choose to reserve them for consequential access such as administrative and privileged portals. Another approach is to apply the Zero Trust principle of continuous validation to privileged access: a session is not trusted indefinitely just because it authenticated once. Access monitoring capabilities can be deployed alongside this to actively detect anomalies in usage and access patterns, for example a burst of failed logins from one source, one source trying many accounts, or a success that immediately follows a run of failures.
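The following is an added example of the access-monitoring logic referred to above and of the brute force and dictionary attacks described in the previous section; it is illustration code written for this page, not Palo Alto Networks' product code. It assumes a simple, constructed portal log format ("timestamp portal=… user=… src=… result=ok|fail") and hypothetical thresholds; the sample log lines are constructed and embedded inline so the detector runs offline.

```python
"""Sliding-window detection of credential attacks over portal authentication logs.

Added example, not vendor code. Assumed log format (one event per line):
    2024-03-01T02:00:05Z portal=admin user=alice src=198.51.100.7 result=fail
Thresholds are hypothetical; tune them to the portal's real traffic.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)   # look-back window per source address
FAIL_THRESHOLD = 8               # failures from one source -> brute force / dictionary attack
SPRAY_THRESHOLD = 5              # distinct users failing from one source -> password spraying
SUCCESS_AFTER_FAILS = 3          # success preceded by this many failures -> guessed/stuffed credential

# Constructed sample log: one brute-force run that succeeds, one password spray, one normal login.
SAMPLE_LOG = """\
2024-03-01T02:00:05Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:09Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:14Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:20Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:27Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:33Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:41Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:48Z portal=admin user=alice src=198.51.100.7 result=fail
2024-03-01T02:00:55Z portal=admin user=alice src=198.51.100.7 result=ok
2024-03-01T03:10:00Z portal=customer user=bob src=203.0.113.9 result=fail
2024-03-01T03:10:30Z portal=customer user=carol src=203.0.113.9 result=fail
2024-03-01T03:11:00Z portal=customer user=dave src=203.0.113.9 result=fail
2024-03-01T03:11:30Z portal=customer user=erin src=203.0.113.9 result=fail
2024-03-01T03:12:00Z portal=customer user=frank src=203.0.113.9 result=fail
2024-03-01T09:00:00Z portal=customer user=alice src=192.0.2.20 result=ok
"""


def parse_line(line):
    """Turn one log line into a dict with a timezone-aware 'ts' and the key=value fields."""
    ts_str, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event


def detect(log_text):
    """Return a list of alerts found in the log, in the order they fire.

    Per source address we keep the failures seen inside WINDOW and raise:
      brute_force            - FAIL_THRESHOLD failures in the window (fires once per source)
      password_spray         - SPRAY_THRESHOLD distinct users failing in the window (once per source)
      success_after_failures - a successful login while the source still has a failure burst
    """
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()), key=lambda e: e["ts"])
    recent_fails = defaultdict(deque)  # src -> deque of (ts, user) failures inside WINDOW
    fired = set()                      # (src, kind) pairs already alerted, to avoid repeats
    alerts = []
    for ev in events:
        src, q = ev["src"], recent_fails[ev["src"]]
        while q and ev["ts"] - q[0][0] > WINDOW:   # expire failures older than the window
            q.popleft()
        if ev["result"] == "fail":
            q.append((ev["ts"], ev["user"]))
            users = sorted({u for _, u in q})
            if len(q) >= FAIL_THRESHOLD and (src, "brute_force") not in fired:
                fired.add((src, "brute_force"))
                alerts.append({"kind": "brute_force", "src": src, "portal": ev["portal"], "failures": len(q)})
            if len(users) >= SPRAY_THRESHOLD and (src, "password_spray") not in fired:
                fired.add((src, "password_spray"))
                alerts.append({"kind": "password_spray", "src": src, "portal": ev["portal"], "users": users})
        elif ev["result"] == "ok" and len(q) >= SUCCESS_AFTER_FAILS:
            # The credential was likely guessed or stuffed: flag for step-up auth / session revocation.
            alerts.append({"kind": "success_after_failures", "src": src, "portal": ev["portal"],
                           "user": ev["user"], "failures": len(q)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The `success_after_failures` alert is the one worth wiring into the continuous-validation path: a login that lands after a burst of failures from the same source is exactly the session that should be challenged with a phishing-resistant factor or terminated rather than trusted for its full lifetime.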

Data centres often work with third parties such as distributors, customers, contractors, and vendors, each of which brings its own access paths and potential weaknesses. Security must therefore be enforced at multiple points so that workloads are protected everywhere, including at the perimeter, in the network fabric, and on the host. By implementing these practices and using cloud-delivered security services that can be updated quickly, data centre operators can safeguard their core applications and sensitive data. Automation reduces the engineering effort involved and delivers consistent policy, which is what allows operators to apply Zero Trust principles across their applications, users, and devices.

C-suite Collaboration with CIOs and CISOs

The increasing complexity of IT infrastructure with the move to the cloud and the rise of hybrid workforces is making it more challenging to safeguard organizations against security breaches. The security of the organization is now a board-level concern, and there is a greater expectation of transparency and continuous demonstration of the effectiveness of the security measures.

As if the immediate risks weren’t enough, organizations are now expected to respond even faster to attacks, learn from ongoing incidents, and apply that knowledge to prevent future breaches. Organizations are realizing that they need to move from a reactive to a proactive security approach to achieve resilience by aligning their defenses with their biggest risks. Achieving this requires assessing and testing security controls, adopting a threat-informed strategy, and being able to respond promptly to security incidents. Cybersecurity has become a concern for the entire organization, and it is crucial to work together to address these challenges.