According to the 2023 State of Storage and Backup Security Report from cybersecurity firm Continuity, enterprise storage and backup devices lag well behind other IT and network security layers. Continuity based its report on an assessment of 245 environments with 8,589 storage and backup devices from major vendors including Dell, NetApp, Veritas and Hitachi Vantara.
Most of the companies Continuity surveyed were in the financial sector, but the sample also included companies in the healthcare, telecommunications and IT services sectors. Given the growing reliance on data backups in enterprise ransomware recovery plans, the evidence of proliferating vulnerabilities in storage and backup devices is significant.
Companies that fail to manage vulnerabilities
According to the report, Continuity detected a total of 9,996 individual security issues (vulnerabilities and security misconfigurations). These issues violated more than 270 security principles. The average of 14 vulnerabilities per enterprise storage/backup device (with an average of 3 rated high or critical) was nearly identical to last year’s survey, which means that little corrective action has been taken.
The report’s authors noted that while unpatched vulnerabilities in storage/backup systems are a primary attack point for most ransomware, existing vulnerability management tools largely ignore these systems, leaving them poorly covered.
“Securing enterprise storage and backup systems is an important part of a company’s cyber resilience strategy,” said Dennis Han, principal analyst at Omdia. Business continuity is just as important as rapid data recovery in the event of data loss or theft. “It is therefore even more important to protect data wherever it exists and to ensure that storage and backup systems do not become an entry point for attacks.”
Top 5 Storage/Backup Device Security Risks
The top 5 storage/backup device security risks detected by Continuity are:
- Insecure network settings (weak protocols or encryption)
- Unresolved CVEs
- Access rights problems (overexposure)
- Insecure user management and authentication
- Insufficient logging and auditing
Other less common but higher-risk factors included software supply chain vulnerabilities, misconfigurations, failure to use anti-ransomware features, and undocumented and insecure APIs/CLIs. Factors such as the Russia-Ukraine conflict, compliance and insurance issues, and the separation between IT infrastructure and security teams also contribute to the risk, Continuity added.
How to Manage Storage/Backup Device Security Risks
In its report, Continuity outlines the business impact of the five most common security risks to storage/backup devices and how to mitigate them.
Attackers can exploit insecure network settings to retrieve and alter configuration information and stored data. To address these risks, Continuity recommends closing knowledge gaps on security concepts, risks and best practices for storage/backup networks, codifying internal requirements that enforce industry recommendations, identifying gaps between those requirements and the actual settings, and reviewing and implementing a process to assess the level of storage/backup security effectively and continuously.
Unresolved CVEs can lead to file exfiltration, DoS attacks, and takeover of file and block devices. It is therefore a good idea to scan the storage/backup environment to identify critical vulnerabilities with high CVSS scores and fix them as soon as possible. Continuity recommends improving CVE identification and remediation with tools that provide this capability for storage and backup systems.
Access rights issues put companies, their data and their data copies at risk. In some cases, the operating system of the host using the storage may also be compromised. Continuity highlighted the need to implement a management and control plan and a least-privilege access model, to audit as often as possible, and to resolve issues as quickly as possible.
Attackers can take full control of storage/backup systems by exploiting incorrect and insecure configurations to exfiltrate and destroy data and its copies. Mitigation methods include locking or renaming (or deleting, where possible) master user accounts, removing local user accounts, separating responsibilities and access roles for primary and secondary data copies, and enforcing multi-factor authentication (MFA).
Insufficient logging/auditing can mask malicious activity by cybercriminals and hamper the ability of core security tools to detect anomalies. To minimize this risk, logs should be written to external repositories. Redundant logging targets should be configured for each device, external time sources (at least two NTP sources) should be used, authentication failures, management/security configuration events and access events for sensitive data must all be logged, and logging must be segregated.
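The mitigations above for unresolved CVEs, user management and logging/auditing can be turned into a posture check that runs over a device inventory. The following Python is an added example, not code from Continuity or the report; the device record fields, the CVSS 7.0 threshold for "high", the audit-event category names and the sample inventory (including the placeholder CVE ids) are all constructed here and are not a vendor schema.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Threshold for "high" severity; the report gives no number, so the
# CVSS v3 High band (7.0 and above) is assumed.
HIGH_CVSS = 7.0

# Event categories the report says must be logged (names are constructed).
REQUIRED_AUDIT_EVENTS: Set[str] = {
    "auth_failure",
    "mgmt_config_change",
    "security_config_change",
    "sensitive_data_access",
}


@dataclass
class Device:
    """Configuration snapshot of one storage/backup device (constructed fields)."""
    name: str
    unresolved_cves: Dict[str, float]   # CVE id -> CVSS base score
    master_account_enabled: bool        # vendor master/default admin account still usable
    local_accounts: List[str]           # locally defined user accounts (should be empty)
    mfa_enforced: bool
    syslog_targets: List[str]           # external log repositories
    ntp_sources: List[str]
    audited_events: Set[str] = field(default_factory=set)


def check_device(dev: Device) -> List[str]:
    """Return one finding per violated recommendation, highest-CVSS CVEs first."""
    findings: List[str] = []

    # Unresolved CVEs: surface high-CVSS ones first so they are fixed first.
    high = sorted(
        ((cve, score) for cve, score in dev.unresolved_cves.items() if score >= HIGH_CVSS),
        key=lambda item: item[1],
        reverse=True,
    )
    for cve, score in high:
        findings.append(f"unresolved high-severity {cve} (CVSS {score})")

    # User management and authentication.
    if dev.master_account_enabled:
        findings.append("master account still enabled; lock, rename or delete it")
    if dev.local_accounts:
        findings.append("local user accounts present: " + ", ".join(sorted(dev.local_accounts)))
    if not dev.mfa_enforced:
        findings.append("MFA not enforced for administrative access")

    # Logging and auditing: redundant external targets, two time sources, required events.
    if len(dev.syslog_targets) < 2:
        findings.append(f"only {len(dev.syslog_targets)} external log target(s); need at least 2")
    if len(dev.ntp_sources) < 2:
        findings.append(f"only {len(dev.ntp_sources)} NTP source(s); need at least 2")
    missing = REQUIRED_AUDIT_EVENTS - dev.audited_events
    if missing:
        findings.append("audit categories not logged: " + ", ".join(sorted(missing)))

    return findings


def assess(devices: List[Device]) -> Dict[str, List[str]]:
    """Map device name -> findings, omitting devices with no findings."""
    return {d.name: f for d in devices if (f := check_device(d))}


# Constructed sample inventory; the CVE ids are placeholders, not real identifiers.
SAMPLE_DEVICES = [
    Device(
        name="nas-01",
        unresolved_cves={"CVE-PLACEHOLDER-A": 9.8, "CVE-PLACEHOLDER-B": 4.3, "CVE-PLACEHOLDER-C": 7.5},
        master_account_enabled=True,
        local_accounts=["backupadmin", "svc_legacy"],
        mfa_enforced=False,
        syslog_targets=["siem-a.example.internal"],
        ntp_sources=["ntp1.example.internal"],
        audited_events={"auth_failure"},
    ),
    Device(
        name="backup-02",
        unresolved_cves={"CVE-PLACEHOLDER-B": 4.3},
        master_account_enabled=False,
        local_accounts=[],
        mfa_enforced=True,
        syslog_targets=["siem-a.example.internal", "siem-b.example.internal"],
        ntp_sources=["ntp1.example.internal", "ntp2.example.internal"],
        audited_events=set(REQUIRED_AUDIT_EVENTS),
    ),
]

if __name__ == "__main__":
    for name, findings in assess(SAMPLE_DEVICES).items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Running it lists eight findings for `nas-01` and none for `backup-02`. Ordering high-CVSS CVEs first mirrors the report's advice to fix the highest-scoring vulnerabilities first, and keeping each check as a separate finding makes it straightforward to feed the output into a ticketing or SIEM workflow per device.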
editor@itworld.co.kr