Data centers are on high alert to protect their valuable assets such as customer data, financial records, and intellectual property as the cost of an average data breach soaring to an all-time high.
“Today, more than 2.5 million quintillion bytes of data are created every day, an immense total that requires every person on earth to produce at least 1.7 MB of data every second,” wrote Tina D’Agostin, CEO of Alcatraz AI, in Forbes. “Data is the fuel powering the platforms and services that facilitate our everyday lives in the digital age. It’s also at risk like never before.”
IBM Security’s annual “Cost of a Data Breach Report” released this summer found that the global average cost of a data breach reached an all-time high of $4.35 million in 2022, an increase of almost 13 percent over two years. The cost for U.S. organizations was more than double at $9.44 million per data breach.
A “Cyber Tax” is Being Passed On To Consumers
Industry experts argue that the rising cost of these data breaches is essentially creating a “cyber tax” as companies must pass along the expenses of the attacks downstream to consumers and clients.
“It’s clear that cyberattacks are evolving into market stressors that are triggering chain reactions, [and] we see that these breaches are contributing to those inflationary pressures,” IBM Security’s X-Force research team head of strategy John Hendley told Dark Reading. “We have to think about cyber events as factors that are capable of straining the economy, similar to COVID, the war in Ukraine, gas prices, all of that.”
The IBM report found that 83 percent of the organizations studied have had more than one data breach with the four most popular methods allowing bad actors to infiltrate data centers from anywhere in the world including:
- Stolen or Compromised Credentials: 19 percent of attacks with a $4.50 million global data breach average cost.
- Phishing: 16 percent of attacks with a $4.91 million global data breach average cost.
- Cloud Misconfiguration: 15 percent of attacks with a $4.14 million global data breach average cost.
- Vulnerability in Third-Party Software: 13 percent of attacks with a $4.55 million global data breach average cost.
The IBM report says that when a data breach occurs via a physical security compromise that it takes, on average, 217 days to identify the breach, and another 63 days to contain the breach for an overall average time of 280 days.
Nearly 1 in 10 Data Breaches is Via Physical Security Compromise
While the focus on digital attacks is well warranted, the fifth most popular avenue of data breach attack was actual physical security compromise, occurring in nearly 1 of 10 attacks with an average global cost of $3.96.
Physical security compromise accounted for a higher percentage of data breaches than:
- Business Email Compromise
- Malicious Insider
- Social Engineering
- System Error
- Accidental Data Loss or Lost Device
“It’s easy to fall into a trap where you assume a data breach comes via malware infection, stolen credentials, or a lost laptop. But in the eyes of compliance officers and data breach regulations, it doesn’t matter how a breach occurs. If the data is in any way compromised by an unauthorized source, that means it has been breached,” says Security Intelligence.
The publication says that data center physical security breaches can take several different avenues, including:
- Unauthorized access to the server room to set up remote access or download malware directly onto the server.
- Theft or damage of hard drives or other equipment resulting in lost data.
- Installation of rogue devices in the server room to steal sensitive information.
“While data servers should have cybersecurity systems and tools in place to prevent data breaches, employees don’t always treat the security of the physical servers with the same high levels of protection,” says Security Intelligence.
Keeping Your Data Center Safe from Physical Attack
Protecting the physical security of your data center extends beyond cyberattacks as you must keep the facility safe from power outages, fires, floods, and other man-made and natural disasters.
“Physical security also means protection from natural disasters. Hackers aren’t the only way your data can be compromised,” said Security Intelligence. “Various systems need to be put in place to proactively manage any type of natural disaster.”
Data center redundancy such as backup sources of power and routine backup of data is important in the event of natural disasters.
When it comes to stopping physical cyberattacks, you can think of your data center in terms of four layers:
- Layer One: Perimeter and Outside of Your Facility
- Layer Two: Facility Entry
- Layer Three: Computer Room Access
- Layer Four: Cabinet Controls
The deeper the layer penetrated by a bad actor, the more damage can be done.
Here are some ways to protect your data center in each layer:
- Perimeter Control: Following the arrest of a Texas man recently plotting to blow up an AWS data center data centers have to take a hard look at their perimeter control. The harder it is for outsiders to get near the facility the better protected it will be. Physical locations away from roads and other buildings are ideal. Fencing, walls, berms, car barriers and other infrastructure can be utilized. Security cameras should be deployed, and some facilities use security guards to patrol their perimeter.
- Facility Control: It is important to have only a single point of entry and exit into your facility. Human checkpoints can be used as well as system protections such as turnstiles or mantrap doors that allow only one person through at a time to prevent an unauthorized person from gaining entry to the facility. Biometric entry systems can also keep your data center secure.
- Computer Room Control: Even if an unauthorized person can gain access to your data center, that should not allow them unfettered access into your computer room. Multiple layers of authentication should be used for computer room access. Like your facility entry and exit, your computer room should have just one clear point of access. Badge scans, key codes, biometrics, security cameras, and security guards can all be options to be deployed at your computer room entry and exit point.
- Cabinet Controls: Each server should be treated as its own unit with different passwords, locking systems, and multi-factor authentication. This is the most vulnerable layer for your data center so even if a bad actor has made it to this point, they should be stopped from accessing your hardware and data by complex security protocols. For some sensitive servers and cabinets, data centers require two-key access with two employees needed to access the server, each with unique keys.
“Even as companies migrate most of their data to public clouds, there will always be a need for onsite servers. As long as they hold corporate data, they are at risk of a data breach and require physical security to protect them,” concluded Security Intelligence.
