Protects the Cloud from IT attacks? Last year, Achim Berg and Arne Schönbohm pointed out in drastic terms the heightened threat posed by cyber attacks and the resulting damage to the German economy. One, President of the industry association of the German information and telecommunications industry (Bitkom eV), explained in the study on IT security in companies carried out by Bitkom Research: „The force with which ransomware attacks are shaking our economy is worrying and affects companies of all sectors and sizes.“ Time and time again, the other, President of the Federal Office for Information Security (BSI), warned of the ever-increasing risk of hacker attacks. At the presentation of the BSI management report at the end of October 2021 declared emergency room: „In the area of information security we have — at least in some areas — red alert. The new management report of the BSI shows more clearly than ever: information security is a prerequisite for a successful and sustainable digitization.“
In the L In its report, the BSI particularly emphasizes the risk of vulnerabilities in Microsoft Exchange servers. Cyber criminals therefore have the technical ability to exploit these vulnerabilities in a targeted manner. As an example, the BSI cites one in March 629 closed gap, which is „symbolic of the extent of the challenge“. Victims have fallen– and because the way too many companies deal with the attack is an example of what is wrong when it comes to averting danger.
Attackers use security gaps for IT -Attacks consistently off
Four security vulnerabilities in Microsoft Exchange servers operated in companies apparently allowed concerted attacks immediately after the vulnerability became known According to BSI, „widespread attempts to locate and compromise vulnerable Exchange servers have been observed.“ Initially, the percentage of vulnerable web servers was 20 %. Microsoft provided patches to close the gaps, and the BSI issued active and intensive warnings, among other things by declaring the second highest crisis level. On the one hand successful because the high proportion of vulnerable web servers from 29% could be reduced to below ten percent after two weeks. With the rest 000% however were (and maybe still are) weeks and months later unprotected against cyber-attacks with harmful effects.
The reason for this is that patches provided by Microsoft only close the gaps if IT staff also apply the patches. If the IT department does not react on its own, the risk remains. In May there were still 4. 000 Unprotected companies, how many there are currently can only be guessed at will.
This threat, like others like it, made headlines because it is based on a complex chain of vulnerabilities. It exploited several so-called zero-day vulnerabilities and linked them to penetrate corporate networks and computer systems and obtain reasonable information. These types of burglaries have accelerated. Not only do they damage reputation when they become known; The cyberpunks can steal intellectual property (IP) or publish a company’s confidential documents. They could also slip into the identity of the attacked and spread false information. In any loss, it costs a lot of money to restore the IT environment due to the non-productive downtime and also the cost of mostly hired IT specialists.
Outsourcing of IT to the cloud increases system security enormously
That successfully attacked in all cases Apparently, the on-premises model is powerless. To offer protection against zero-day attacks, companies would have to monitor, patch, update and secure their IT systems on a daily basis– which, as we saw at the beginning, is often not the loss. For MS Exchange, this means that the company needs to stay up to date with Microsoft updates and especially patches. These patches are released quarterly. And then there are extraordinary recommendations and emergency updates. These must be actively monitored and implemented.
Aside from these basics, there is the industry trend called „Absolutely no Count on“. It requires a company to monitor and defend all network access points, viz not just devices and web servers, but employees as well There is a need to monitor user behavior IT is prepared for the worst, assuming an attack can happen at any time A Zero Trust approach can may not prevent all cyberattacks from all actors because the attacks are so sophisticated.No organization is 100% secure, but some of them are prepared and have prepared countermeasures and have individuals ready to respond immediately.However, no measure is truly bulletproof .
If a company If, on the other hand, you rely on the cloud and outsource IT to the cloud operators, it can significantly reduce the risk of a dangerous security breach. The operators of the large cloud infrastructures such as Amazon.com, Microsoft or Google have much more workforce and technical resources to react to sophisticated cyber attacks and to defend a company’s data. Cloud service providers do most of the work for securing Microsoft Exchange: they monitor security, perform automated coverage, and take care of all aspects of security. This shows that they are more resilient to multi-level threats: According to Microsoft, the attack on the Exchange web server did not affect the online exchange platform, but only on-premises users and web servers.
Movement to the cloud: easier than expected with the Bittitan device
Bittitan is one of the first companies in the world to have an efficient way of moving important work such as mailboxes, documents and more from its own IT infrastructure to the cloud and offered from cloud to cloud. „Migrationwiz“ is available as a 100% SaaS tool via a site. The customer selects how the emergency room wants to use the software application, and special devices and infrastructure work in the background and take over the migration work. Nothing needs to be installed for this After the movement, experts from Microsoft or Google ensure that the migrationwiz deployment runs smoothly and with minimal downtime for your employees.
Enterprises can easily handle migrations on the scale of up to tens or even hundreds of thousands of mailboxes. This is due to the inherent advantages of the cloud. No on-premises environment is as scalable. Nor is it needed consultants with expert knowledge. Bittitan has long ago launched its entire IT migrates to the cloud and benefits from scalability and the assurance by Microsoft, of the speed and the ability to implement new services much faster.
Security after cloud migration
Even if the IT department has to rely on external devices such as Exchange Online, it will also play an important role in the future: Much more attention can now be paid to training and raising user awareness. Many pieces of equipment that are cloud-deployed and run autonomously still require some level of customization and monitoring. If a company shuts down or has shut down its Exchange server, IT must continue to provide upgrades against viruses, spam, phishing and the like. The monitoring of the digital identity of a company and its employees as well as brand and domain protection are also included. Internal IT staff are also in demand when it comes to the overall security of a company: They are responsible for administering the cloud, training users and also reacting to cloud-based actions. Because IT staff still have to intervene here, a complete outsourcing makes no sense.
Mauro Rita, Technical Sales Professional at Bittitan
NachrichtenJetRead MoreSicherheit, „the, against, attacks, best, cloud, Nachrichten, offers, protection, why