As the week kicks off, we are greeted with yet another network security breach making headline news. The story comes from Bangladesh’s Central Bank, where hackers failed in their ‘e-heist’ to transfer $951 million of funds, yet still managed to make off with a cool $81 million, which they moved to the Philippines and then funnelled towards casinos there.
A security investigation blamed the breach on a lack of basic security infrastructure – no firewalls, and outdated second-hand switches. That problem seems pretty obvious, but is there more to it than meets the eye?
Security is always a combination of three pillars: technology, people, and process. In this case, technology was blamed as the primary culprit, and rightfully so. Large organisations have IT security teams responsible for ‘hardening’ the overall infrastructure. They build high walls (firewalls) and set traps (intrusion detection) around the city to protect the perimeter. The problem is that, more and more frequently, attacks are coming from the inside.
The SWIFT room in Bangladesh Bank is located on the eighth floor of their building in Dhaka. It is 12 x 8 feet, containing four servers, four monitors, and a printer. It has no windows, and would appear quite physically secure. However, the rules of traditional IP networking meant that the room was exposed to the wider network, which spans across to other remote locations. The culprit in this case was not the second-hand $10 switch which an engineer decided to deploy to connect the stations and the printer. The real culprit was reliance on legacy network technology which does not offer genuine segmentation.
To draw an analogy, think of traffic on a traditional computer network like sending a letter through the standard post office system. Your envelope stops at each location, mixing with other envelopes as it is routed across the system. Now think of a courier model, where your envelope is put into a special package, hidden from the outside world, and flies directly to the destination without being exposed at any stops. Modern network technologies, called Fabrics, allow you to encapsulate traffic streams from different systems. This segregates your network into secure isolated zones, each completely separate and hidden from the rest. Fabrics also have the additional benefit of automating the response to possible breaches, dynamically moving attackers to quarantine zones, and immediately alerting network administrators.
Some might think this is a third world problem, and that more developed countries have moved on. The truth is, this is a global problem. In the US, one of the largest department stores recently faced a similar breach when hackers were able to access its network through an HVAC contractor. To use our analogy, the envelopes that contained the contractor’s traffic were being mixed with the customer payment envelopes on the same postal system (network). Why was the contractor’s access not cordoned off? Exactly the same answer: we continue to rely on the same insecure legacy network technologies. The vast majority of enterprise networks globally have yet to move on.
While some network manufacturers continue to promote complex legacy systems, the impact on their customers is huge. Every time a CIO or network manager decides to invest in traditional network technologies, they are exposing their business and inviting hackers in. The headline news is a constant reminder for us to embrace the next generation of network technologies, and secure our businesses from both external and internal threats.