2016 was the year of the mega-breach. From the top web companies, to government agencies, to healthcare institutions, organizations far and wide fell victim to malicious attacks that stole precious user data and sullied company reputations. A data breach costs organizations real money, and leaves a tarnished image that takes years to remedy.
In this article, we take a look at some of the biggest cyberattacks of 2016, then explain how containers can be used to help prevent similar attacks in the future.
2016 data breaches
Here are some of the biggest data breaches of 2016:
1. FBI & DHS
Hackers published 30GB of leaked FBI and Department of Homeland Security (DHS) employee data. This data was acquired using stolen login data of one employee, and a security token manually handed over to the hacker by the IT security team. The data included personal information of 20,000 FBI agents, and 9,000 DHS employees. The problem could have been avoided with better architecting of the system for security.
2. IRS “Get Transcript” app
The IRS launched an app called “Get Transcript,” which would inform taxpayers of their tax history. This app was compromised using data that the IRS says hackers got from unsecured partner organizations of the IRS. The fraudsters use their credentials to file fake tax refunds. The IRS responded by taking down the app, and have since re-launched it, now with two-factor authentication for improved security. This incident affected over 700,000 taxpayers. But that wasn’t the end of the IRS’ cybersecurity woes. There’s been another similar attack this year, this time affecting an app that was used to file for student aid.
If there’s a mother of all breaches, it has to be the Yahoo breach. This breach affected one billion Yahoo users and was discovered three whole years after the start of the breach. Much of the compromised data was unencrypted, making the hack even more dangerous in terms of the sensitivity of information leaked. This leak has cost Yahoo $350M in its acquisition by Verizon, but likely even more for the one billion users affected.
Clearly, there needs to be a better way to build applications so that these breaches are spotted sooner, stopped immediately, and user trust is not lost. But in the age of the cloud, computing attacks spread faster than most organizations can stop them. In this age of sophisticated cyber crime, it takes an equally sophisticated security system to respond appropriately.
Containers enable security in the cloud
To be secure in the cloud, applications can no longer be architected as monoliths, but instead need to be built and deployed as a collection of microservices. This is where containers come in. Containers enable microservices in a way that traditional servers and virtual machines are unable to.
Containers enable you to run your applications over distributed infrastructure, and as an interdependent collection of microservices. This enables you to monitor and retire infected containers without affecting neighboring containers. This way, you restrict the spreading of an attack, and your app can still function, though it may lack some features.
Containers are safer because they reduce the surface area exposed during an attack. According to Aaron Grattafiori of the NCC Group, containers “create a method to reduce attack surfaces and isolate applications to only the required components, interfaces, libraries and network connections.”
Containers are the key to security in the cloud. This is not just because of the secure architecture they enable, but also because they let you respond to attacks faster than ever.
Containers need purpose-built security tools
Containers can help prevent intrusions faster than before, and modern cloud-native security tools like Twistlock help ensure container security. Purpose-built container security tools can help identify root causes faster because of how deeply aware they are of the container system at any point in time, especially during an attack. With traditional security tools, searching the entire stack thoroughly for the root cause of origin of an attack can take hours or even days to perform. This is precious time wasted. With containers and a container security tool, you can easily pinpoint the compromised container in real time.
In fact, container security tools leverage machine learning algorithms to crunch large quantities of performance data in real time and surface just the relevant data during an attack. This saves precious time when investigating and responding to an attack. Just as importantly, they don’t suffer from tunnel vision as older tools do by looking at just internal data—Instead, they also consider known vulnerabilities from external security services. They are aware of risky IP ranges, and can even identify suspicious attack signatures before the attack actually happens. They proactively scan the entire system and pinpoint vulnerabilities that need to be addressed.
As cybercriminals develop increasingly sophisticated ways to attack cloud applications, security teams need to respond with equally sophisticated security strategies and tools. Containers are the answer to security in the cloud because of the small attack surface they expose, and the decentralized architecture they enable. However, to be fully effective, it helps if they’re bolstered with a purpose-built container security tool. The combination of containers with a capable container security tool like Twistlock is precisely what security teams need as they combat a new age of cyber criminals.