Solar VPS Blog

How the Grinch Stole the Retail Industry’s Christmas… And Keeping the Grinch Out of Your Cloud Data

You have probably heard by now that the Grinch was busy this Christmas. A total of six major retailers, including Target and Neiman Marcus, were successfully infiltrated by malware, and massive amounts of user data were stolen. This trend is not just ominous for consumers. It highlights the sophistication of malware, the boldness of hackers, and the continuing threat to all businesses, especially SMBs. SMBs are more vulnerable to attacks because, although they may not have as many goodies for cybercriminals to grab, they often don’t have proper protections in place, and a single hack is more likely to drive them out of business.

How serious is the threat for businesses?

PCWorld tells the story of an executive at a Chicago manufacturing company that barely escaped a loss of hundreds of thousands of dollars to controllers of malware. A virus downloaded to the CFO’s computer used standard phishing protocol to steal from the business. When the CFO browsed to the company’s bank account, she was redirected to a fake but otherwise identical site owned by the hackers. A message informed her to call customer service about a problem with the account. When the CFO called the number, she was asked a handful of “verification” questions. Moments later, $300,000 had been withdrawn by a third party. Luckily, the company responded swiftly, and the bank was able to retain the funds.

Despite the happy ending to the Chicago firm’s hack, many small-to-medium businesses do not fare as well. PCWorld cites statistics from the National Cyber Security Alliance that demonstrate how prevalent and damaging hacking is for SMBs:
  • 31% of companies breached in 2012 were small businesses
  • 20% of the hacks were successful
  • 60% of the companies successfully hacked were bankrupt within half a year.
Who was behind the attack? A teenager?

Web security company IntelCrawler (watch out for their super-creepy 404 error message page) investigated the incident, which according to Target impacted 70 million of its shoppers. Its findings revealed that BlackPOS, a pre-packaged and relatively unsophisticated piece of malware designed by a Russian teenager and purchased by the attackers, was used to infiltrate both Target’s and Neiman Marcus’s systems. Originally called KAPTOXA (Russian slang for potato) and responsible for all six additional retailer attacks, the software first appeared online in 2013 and has been used for breaches of retailers based in Australia, Canada, and the United States.

A report published in Slate revealed that the teenager, who used the screen name ree4, sold KAPTOXA (aka BlackPOS) to more than five dozen hackers, most of them based in Eastern Europe. It further clarifies that the attacks on Target and Neiman Marcus were launched separately: it now seems likely that the only link between them was the malware that was used. In fact, according to The New York Times, Neiman Marcus was breached in July but only became aware of the issue in December.

What was taken & why it happened

According to Wired, the Target hack began on Black Friday and collected information from the retailer’s point-of-sale (POS) devices. For over two weeks, it transmitted data from credit and debit cards belonging to over 40 million people to the owners of the malicious software. The hackers also received contact information for 70 million customers. All told, 11 GB of data were taken before the company was able to identify and block the intrusion.

Avivah Litan, an analyst for Gartner, calls the incident “a big failure of the whole industry.” The retail giant, along with T.J. Maxx and several other retail stores and credit card processing companies, was the target of broadly destructive hacking in 2005. However, according to the analysis in Wired, the security mechanisms in place at retail stores were not substantially improved following that wide-scale incident, an assertion expected to be used in class-action lawsuits against the “big-box” store.

Ensuring strong security

In a climate in which retailers are being successfully targeted by hackers, security has become a concern of all organizations. A nonprofit called the Cloud Security Alliance (CSA) was created in 2008 with the specific goal of educating the public and industry professionals about proper security precautions to keep users safe. The organization provides both information on sound security practices with regard to web hosting and best practices for businesses to maintain and improve their systems.

Similarly, Microsoft provides a security checklist, a list of considerations for organizations with regard to their own cloud systems, so that security is a top priority. Although the checklist is geared toward governmental agencies, its basic parameters are of use to businesses as well:
  • Privacy – Ideally a provider will encrypt your data, make it anonymous, and make your locations of remote access inaccessible.
  • Integration – In the case of a hybrid solution, you can make use of integration with security tools you have in place for your other systems.
  • Certification – If you have specific compliance concerns, check with your provider to make sure they are certified to meet your needs. Develop a system of metrics so you can analyze and track your cloud hosting environment. Consider the process required of your users to enter and leave the system.
  • Access – Your system should have protections (of course) to guard against malicious intrusion. Specifically consider safeguards in place for your databases.
  • Software – How does your platform keep your code from becoming corrupt? How are people vetted for managerial positions in which they might have greater access to your code? How do they test or model for security threats?
  • Location – The country in which your provider is headquartered will affect the laws surrounding your data.
  • Rights – Are you the owner of the data on your systems? Do you want to encrypt it, and do you have encryption keys that you want to use? Do you have a backup of the data? What is the process for purging the backup?
Today, malicious IT attacks are a concern for any organization. In the case of SMBs, protection is especially critical, with 3 out of every 5 small business hacks resulting in bankruptcy. A cloud solution that uses strong security parameters, as established in Microsoft’s checklist, can safeguard companies from harm.

5 Lessons From the Cloud

Cloud Expo Silicon Valley

So, last week, as some of you might know, Solar VPS attended Cloud Expo 2013 in Silicon Valley. While we didn’t exhibit at the Cloud conference, our COO and President, Ross Brouse, gave a few speeches and we got pretty interactive on the social media networks all those crazy kids love. (Insert shout out here to @RobustCloud, @GESoftware, @SHI_INTL, @ThousandEyes & @AriaSystemsInc). Outside of giving speeches and getting really active on Twitter and Google+, we took the time to hear from other Cloud companies, both within their keynote presentations and outside in spur-of-the-moment meetings.

This said, we want to use this space to elucidate (yes, we are trying to expand our lexicon) on five insights we learned at the show and why those insights are either excellent or terrible. So, here we go.

1. Smaller Cloud Providers Need to Rise Up


Local Backups vs. Cloud Backups

Cloud Backup Solutions

With the Cloud becoming more and more popular for the public, a debate has popped up between Cloud providers and Cloud users. That debate centers around the use of Local Data Backups vs. Cloud Data Backups. For the vast majority of companies and personal tech consumers, the idea of storing your critically needed data locally makes sense. Use an external hard drive. Set a recurring backup time on a daily basis. Forget about ever backing up your data ever again. However, with the Cloud becoming more accessible to private consumers and companies of all sizes, local data backups are giving way to Cloud backups. Here’s why.

The Problem with Local Backups

  1. Local Backups Require Personal Data Encryption – Here is the thing about using your own locally stored hard drive to back up all your critical business data – it’s unsafe. Unless you are an IT expert who knows how to properly secure your local hard drive with secure encryption methods and security codes to make sure hackers can’t get in, your critical data is open to the world. For the personal user who only stores music files on their local external hard drive, a hacker doesn’t mean much. But for a company storing sensitive financial data or classified documents, security is a very real concern.

  2. Local Backups are Limited – A local external hard drive is a physical piece of equipment which takes up space on your desk and is limited to a fixed storage capacity. Stuck in its stagnant state, a local external hard drive will not grow and scale with your company as you need more storage space for sensitive data. A local hard drive is 80 GB, or 120 GB, or 500 GB. Once you reach that maximum, it’s time to purchase another hard drive. This might not seem like that big of a deal, but for a company of any size that shuffles through a ton of data on a daily basis, your local limit is going to be met and exceeded quickly. This will cause headaches and cost a lot of money.

Securing Your Cloud Locally

LAN Security


Location. Location. Location. It’s true about real estate and it’s also true about Cloud Storage Security. Even if you’re already storing your data in the Cloud, you should back up that data by storing it locally. While the Cloud has the ability to store data remotely and securely, data security is dependent on two things: your Cloud provider and your LAN (Local Area Network) security. Why? Because all the security in the world by your Cloud provider won’t change the fact that your local machine is fair game.

Cloud security or virtualization security poses risks from not just the hosting provider, but also the consumer. Why? Because even though Solar VPS takes every precaution available to ensure optimal security, in spite of our best efforts, we can’t protect your personal computers from being hacked – that’s up to you. If you’re one of the people who falls for “YOU’RE THE 100TH VISITOR! CLICK HERE FOR YOUR FREE IPAD!” then you can’t blame us when your server gets hacked from the inside. So, how do you accomplish true fail-safe Cloud Computing? By utilizing the benefits of the Cloud while also storing your data locally.