Access and Feeds

Storage: Misconfigurations and Vulnerabilities Make Storage and Backup Environments Easy Hacking Targets

By Dick Weisinger

Enterprise IT storage and backup environments are lagging considerably behind application and networking security.

A 2021 study by Continuity Software analyzed data from 400 different types of enterprise storage devices obtained from customers in banking, financial services, healthcare, and elsewhere. The devices included storage device top-name vendors like Cisco, Dell EMC, hitachi, IBM, and Netapp. The analysis identified more than 6300 different vulnerability and misconfiguration problems.

Gil Hecht, Continuity Software CEO, said that “of the three main IT infrastructure categories — compute, network, and storage — the latter often holds the greatest value, from both security and business perspectives. Security vulnerabilities and misconfigurations of storage devices present a significant threat, especially as ransomware attacks have taken hold of businesses over the past few years. Yet based on our analysis, the security posture of most enterprise storage systems is strikingly weak. Organizations must act immediately to better protect their storage – as well as backup systems – to ensure their data is secure against ransomware and other cyberattacks.

Doron Pinhas, CTO at Continuity, told DarkReading that “successful ransomware is just the tip of the iceberg Attackers who succeed in accessing the storage environment can destroy all available recovery options, including replicas, backups, immutable copies, storage-based snapshots, and recovery keys. Existing threat intelligence solutions do not cover storage well. Organizations typically own most of what they need to properly secure storage systems. The bigger problems have to do with awareness, education, informed planning, and control.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published. Required fields are marked *