The cyber-attack that crippled Melbourne-based web hosting provider Distribute.IT has left thousands of customers furious, with the data of almost 5,000 websites now deemed completely unrecoverable.
But the debacle has brought to light just how fickle the cloud can be. Combined with a security breach earlier this week form DropBox and the massive cyber-attack against Sony, businesses everywhere are talking about cloud-based security.
With that in mind, here are five lessons SMEs should take away from the Disribute.IT disaster.
If business owners learn nothing else from the Distribute.IT catastrophe, then it should be this โ you must grill your hosting provider about what is exactly being done to prevent such a situation happening to you.
Many SMEs admittedly donโt have the expertise or the time to learn every little detail about their IT infrastructure, and thatโs fine. But when attacks can now bring down entire businesses, now is the time to start learning.
Business owners and managers need to call their hosting providers and make sure the Distribute.IT situation cannot be repeated. Ensure their security is up to date, that multiple backups are being made, and that you have a contingency plan.
โThe cloud may not be as good as it seems,โ Sophos head of technology Asia Pacific, Paul Ducklin warns.
โCloud providers may give you many sorts of service agreements and guarantees, but having your data protected by a piece of paper may not be enough.โ
โParticularly if that agreement doesnโt turn out to be worth any more than the piece of paper itโs written on.โ
Have your IT managers sit in on calls to your providers to translate jargon, and make sure you question them as well on what would happen if a similar attack occurred to your business. Make sure you have plenty of backups so that even in a worst-case scenario, you can continue trading.
Security firms such as AVG and Symantec regularly release new threat reports that state hundreds of thousands of small businesses are suffering cyber-attacks. It will happen to you, and it will happen to your hosting provider eventually โ donโt get caught empty-handed when it does.
Having a hosted solution is great for business. After all, the growth of cloud-based software is helping a lot of companies keep their backups secure for cheap, and reduces them of the burden of having to manage their own infrastructure.
But Ducklin says SMEs donโt need to dismiss on-site infrastructure so quickly.
โWeโre in a cloud honeymoon period at the moment, but itโs important to bear in mind that if youโre one of those guys saying it hasnโt happened to you, and you want to wait as long as you can before you take your first step, then perhaps you should get walking.โ
Ducklin says thereโs nothing wrong with hosting your own infrastructure on-site. In fact, he says if you want to complement or even replace your cloud solution with servers that you know and trust, then thatโs the option you should take.
โAt least if you can do it yourself, you can see the backups being made, and once in a while you can get your employee or contractor to show you that itโs all working properly. Itโs much, much cheaper now to do this.โ
โItโs not that youโve gone crazy, or are behind the times, itโs just that youโve done the risk analysis differently. If something goes wrong, you can honestly say to your customers that you know whatโs going on, and not have to wait for a third-party hosting provider to communicate back to you.โ
If you do decide to host in the cloud, then you should be prepared. And one of the ways you can do this is set aside a significant amount of your technology budget to sign up with a trusted service provider.
Distribute.IT was not the most expensive provider around, and as one customer told SmartCompany this morning, โyou get what you pay forโ. Donโt fall into the same trap โ companies like MegaBuy Group can attest to how damaging website outages can be.
Be prepared to spend a lot of money getting your site online, and hosted by a reputable provider. It simply isnโt worth taking the risk, especially when you can lose everything.
One of the scariest aspects of hacking groups like Anonymous, LulzSec and various other attackers is that they seemingly target groups and websites at random. Businesses have been caught in the middle of the fray as well.
Your business will suffer a cyber-attack at some point. Perhaps not from these more prominent groups, but it is highly likely that eventually some outsider will try and steal confidential information from your servers โ credit card details, login information, and so on. These experts say you had better be prepared when it does.
โMake sure you get your staff up to speed,โ AVG security export Lloyd Borrett says. โMake sure they are educated, and you have security policies in place.โ
โKeep in mind itโs not just about the technology, although thatโs an important first step. You need to have your staff and people in place, and make sure they report anything suspicious, then make sure itโs addressed.โ
For many entrepreneurs technology is exciting, but for others itโs merely an inconvenience. Keeping up to date with the latest news in Trojan bugs and Exchange servers is the last thing from their mind.
Unfortunately for them, technology is now an everyday part of business. The same types of security attacks will continue to be targeted at hosting companies like Distribute.IT, and as a result, SME owners must keep up to date with the latest news in security.
AVG and Symantec publish regular reports on the latest threats, (AVGโs second quarter threat monitor was just released today), which detail the latest, most popular attacks hackers are using to steal information.
This doesnโt need to be a complicated process. Simply read the news and keep up to date with what types of attacks are occurring, then make sure youโre protected.
Even if this involves simply sitting down with your IT manager or contractor and having them explain all of this to you, such as the latest threats, new technology and so on, is beneficial. But act on this โ make sure that same IT manager is doing everything in their power to make sure your business is safe against these attacks.
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
Comments