Attackers generally know that the best data to steal is more likely to be found on servers than on PCs.
“All the important things are on those servers,” notes Chester Wisniewski (pictured left), principal research scientist at Sophos. “Whether they’re in the cloud or whether they’re on premise, it kind of doesn’t matter. It’s where all the jewels are, and that’s what these crooks are after.”
Yet somewhat to Wisniewski’s dismay, channel pros and IT departments are investing the lion’s share of their time and money on securing laptops and desktops. “All of the focus of the criminals is on exploiting servers, and most IT teams are still neglecting to even protect the servers equally,” he says. “Even our customers that are buying licenses for XDR for their entire estate, they’ll install it on everything except the servers.”
It gets worse. Many participants in the current headlong race toward the cloud are forgetting to decommission the onsite servers they no longer need, and neglecting to patch and configure them properly as well.
“Roughly half of the serious incidents that we’ve dealt with in the last two years started with exploitation of assets that the IT security team was unaware of or was incompletely managing,” says Eric Skinner (pictured right), vice president of market strategy at Trend Micro.
Even trained security experts sometimes leave behind “zombie servers,” and not just after cloud migrations. Last year, security vendor Huntress, in an admirable example of transparency, disclosed that its quality assurance environment had been hacked via a temporary virtual server that was created for a product testing exercise and then left behind afterwards. A brute force attacker had little trouble cracking the server’s administrator password: abc123.
“That was certainly an ‘oops,’” says John Hammond, a senior security researcher at Huntress. Fortunately, no customer information, billing data, production systems, or source code were impacted.
