With every year come new extraordinary technological innovations. Some of the most innovative, sadly, come from the minds of cyberattackers. And others help IT teams solve some old problems, but create new ones. But year in and year out, good fundamentals never go out of style.
2021 was no different. Here's a look back at some of the year's most devastating attacks, outages and cyber resilience failures, and the lessons we ought to learn from them (but probably won't).
Beware of Misconfigurations. (And Segment Your Networks, Please.)
For six hours on Oct. 4, Facebook, Instagram, and WhatsApp went dark. Was it a sophisticated cyberattacker orchestrating a sophisticated denial of service? No. It was a simple routing protocol misconfiguration issue, exacerbated by a surprising lack of network segmentation.
Read: 5 Lessons from Facebook, Instagram, WhatsApp Outage: Facebook learned the hard way that a single configuration error can take down the mightiest of networks. Here are a few things that can help enterprises avoid making the same mistake.
Read (from Network Computing): BGP Config Change, Not Cyber Attack, Brought Down Facebook: Enterprise IT takeaways from the Facebook outage: Tread carefully when making BGP config changes and avoid putting everything (DNS, apps, and more) on one network.
Beware of ‘Valid Configuration Changes’ Sometimes, Too.
On June 8, Reddit, the New York Times, Amazon and other major websites were disrupted because of an outage at edge cloud platform Fastly. The cause: “an undiscovered software bug” set off by a valid customer configuration change. According to Fastly, a software deployment in May introduced a bug that could be, and was, set off by a valid, normal configuration change made by one customer.
Read: Cloud Outage Fallout: Should You Brace for Future Disruption? The outage of Fastly’s services lasted all of 49 minutes, yet its widespread impact shows how pervasive reliance on the cloud has become.
AWS is ‘Too Big To Fail,’ And That’s Very Bad.
Speaking of cloud outages, Amazon Web Services experienced three outages in December alone. On December 7, a particularly bad outage disrupted wide swaths of the internet for more than seven hours. It affected EC2 and other AWS services, which caused disruptions and downtime for major AWS customers – like Netflix and Disney Plus – as well as Amazon’s own services, like Alexa, Ring, and its package delivery management. As Sid Nag, vice president of cloud services and technologies research for Gartner, told InformationWeek’s JP Ruth: “This was one of the largest since AWS started conducting business.”
The incidents raise questions about the reliability and resilience of the cloud and how to hold AWS and other major tech companies accountable for maintaining their infrastructure.
Read: Outage and Recovery: What Comes Next After AWS Disruption: Though many services were eventually restored, questions remain about the risks of concentrated reliance on cloud providers.
Patching Software is Hard. Make it Easier.
The complexities in the IT supply chain continue to make software patching more difficult. Security professionals’ 2020 holiday season, and much of 2021, was ruined by malicious security updates unknowingly administered by SolarWinds. A year later, another holiday was ruined, this time by a vulnerability in widely used third-party code.
Read: Log4J Attacks Confirm Need for DevSecOps, Automation, SBOM: Federal agencies have until Dec. 23 to comply with an emergency directive that mandates mitigations. But patching 3rd-party open-source code is tough, and manual processes make it tougher.
Read: The Perils of Patching: In any IT shop these days, security must be front of mind. A cautious approach to applying software patches may slow things down -- but sometimes that can be a good thing.
Read: SolarWinds CEO Talks Securing IT in the Wake of Sunburst: Lessons learned from the pandemic and the aftermath of the Sunburst cyberattack put the IT trends report issued by SolarWinds in a special context.
Insurance Can’t Save You from Ransomware Attacks.
The ransomware attack on Colonial Pipeline in May showed that businesses’ risk assessments may lead them to decide to swallow their pride and pay a ransom. It also showed that, when pressed, people will pour gasoline into plastic shopping bags and that cyber insurers are fed up with holding the bag for multimillion-dollar ransom payments. As Richard Pallardy wrote for InformationWeek in October, “cyber criminals have taken note of cyber insurance itself as a potential revenue source, sometimes penetrating insurers in search of their client lists -- a rich source of targets. This liability is, of course, passed along to the customer.”
Read: The Cyber Insurance Market in Flux: With cyber-attacks on the rise, cyber insurance is becoming a necessity for many organizations. But costs are skyrocketing, and claims are being denied.
Read: What to Do in the Wake of the Colonial Pipeline Hack: Cyberattacks don’t just impact a single organization. It’s one of the energy industry’s worst kept secrets that they’re behind the curve of digital transformation.
Read: The Cost of a Ransomware Attack, Part 1: The Ransom: Tens of thousands or tens of millions? What's the going rate of a ransom request? Part 1 of 2.