Last week’s news about a denial-of-service attack by Syrian activists on organisations like Twitter and the New York Times raises interesting questions for those of us in the security industry.
The attack has naturally drawn attention because of its high-profile targets, but also because Syria is making headlines at the moment.
At any other time, we’d probably be concerned with the oft-reported hacks emanating from China. (In fact, we were rather bemused when China’s own .cn domains were subjected to denial-of-service hacking last weekend.)
Basic security loophole
What’s intriguing about the Syrian activists’ attack is how it exposes a basic security loophole that might not have appeared obvious to the firms affected.
In this case it appears that their hosting company was targeted because one of its reseller usernames and passwords had fallen into the wrong hands.
This has led to service disruptions and to web sites being prevented from operating (the NYT has been publishing its news reports via Facebook). For media companies, this kind of attack obviously compromises their ability to function normally.
But it’s not just web sites that are hosted in the cloud. More and more organisations are trusting critical data and services to outsourced hosts. The more organisations that are involved in providing your cloud services, the less direct control you have over preventing a security breach.
Take the initiative
The point is that you can’t undo a breach once it’s happened. This episode is a salutary reminder that when you outsource anything – from your web site to your core business systems – to a cloud provider, you need to take the initiative and ensure its security standards match what you’d demand of in-house services.
The more critical the system, the more important it is to take appropriate precautions.