5 Cyber Resilience Lessons We Re-Learned in 2021 (But Will Probably Forget)

With every year come remarkable new technological innovations. Some of the newest, unfortunately, come from the minds of cyberattackers. Others help IT teams fix some old problems, but create new ones. But year in and year out, good fundamentals never go out of style.

2021 was no different. Here’s a look back at some of the year’s most devastating attacks, outages and cyber resilience failures, and the lessons we ought to learn from them (but probably won’t).

Beware of Misconfigurations. (And Segment Your Networks, Please.)

For six hours on Oct. 4, Facebook, Instagram, and WhatsApp went dark. Was it a sophisticated cyberattacker orchestrating a sophisticated denial of service? No. It was a simple routing protocol misconfiguration issue, exacerbated by a surprising lack of network segmentation.

Beware of ‘Valid Configuration Changes’ Often, Too.

On June 8, Reddit, the New York Times, Amazon and other major websites were disrupted because of an outage at edge cloud platform Fastly. The culprit was “an undiscovered software bug” set off by a valid customer configuration change. According to Fastly, a software deployment in May introduced a bug that could be, and was, triggered by a valid, ordinary configuration change made by one customer.

AWS is ‘Too Big To Fail,’ And That’s Pretty Bad.

Speaking of cloud outages, Amazon Web Services experienced three outages in December alone. On Dec. 7, a particularly bad outage disrupted broad swaths of the internet for more than seven hours. It affected EC2 and other AWS services, which caused disruptions and downtime for major AWS customers – like Netflix and Disney Plus – as well as Amazon’s own services, like Alexa, Ring, and its package delivery management. As Sid Nag, vice president of cloud services and technologies research for Gartner, told InformationWeek’s JP Ruth: “This was one of the largest since AWS began conducting business.”

The incidents raise questions about the reliability and resilience of the cloud and how to hold AWS and other big tech companies accountable for maintaining their infrastructure.

Patching Software is Hard. Make it Easier.

The complexities in the IT supply chain continue to make software patching more difficult. Security professionals’ 2020 holiday season, and much of 2021, was ruined by malicious security updates unknowingly administered by SolarWinds. A year later, another holiday was ruined, this time by a vulnerability in widely used third-party code.

Insurance Can’t Save You from Ransomware Attacks.

The ransomware attack on Colonial Pipeline in May showed that businesses’ risk assessments may lead them to decide to swallow their pride and pay a ransom. It also showed that, when pressed, people will pour gasoline into plastic shopping bags and that cyber insurers are fed up with holding the bag for multimillion-dollar ransom payments. As Richard Pallardy wrote for InformationWeek in October, “cyber criminals have taken note of cyber insurance itself as a potential revenue source, occasionally penetrating insurers in search of their customer lists — a rich source of targets. This liability is, of course, passed along to the consumer.”

Maria J. Danford
