How the world's top Internet companies, easily hacked by hackers

 　　Would you believe it one day when you see tweets from former US President Barack Obama, Amazon CEO Bezos, Warren Buffett, Tesla CEO Musk and many other famous celebrities calling for you to send bitcoins to a specified address and get them back in the form of a double refund?

　　It's hard not to believe, right, because it's coming from the "official Twitter". And that's what happened in August of this year, when a massive Twitter account breach rocked the world. This security incident shows that we need to deploy strong cybersecurity measures, but are our companies ready to face the endless attacks?

　　The World's Top Internet Companies

　　How easy it was for hackers to breach

　　In October, the New York Financial Services Authority (FSA) released a report on the July 15 Twitter security incident, which provides a comprehensive overview of the details and process of the hack.

　　Here is a portion of that report, which allows us to understand how the hackers breached Twitter's weakest link.

　　The Twitter breach began on the afternoon of July 14, 2020. At that time, at least one hacker called multiple Twitter employees, claiming to be a service worker in Twitter's IT department. The hacker claimed to have called to help resolve problems encountered with Twitter's virtual private network (VPN).

　　VPN issues have been common among Twitter employees since the company switched to remote work. The hacker then tried to direct the employee to a phishing site that looked exactly like the legitimate Twitter VPN site and had an extremely similar domain name.

　　As the employee entered their account password into the phishing site, the hacker would simultaneously enter that information into the real Twitter site. This fake login generated an MFA (Multi-Factor Authentication) notification asking employees to authenticate themselves, which some of them did. By this point, the hackers had completed the most critical piece of the entire intrusion.

　　

　　On the face of it, the intrusion caused almost no direct damage to Twitter - the hackers obtained over $118,000 worth of bitcoin from users. But what is clear is that the impact of the Twitter intrusion went far beyond the fraud itself.

　　Following the intrusion, Twitter stated that it would implement additional security controls to prevent similar attacks in the future, such as improved MFA, increased cybersecurity awareness training, and announced the hiring of a new CISO (Chief Information Security Officer) in late September 2020. Twitter has paid a heavy price for weak security awareness, but what is more critical is how user confidence is regained.

　　Twitter said, "This security breach could affect the market's perception of the effectiveness of our security measures, and people could lose confidence in us and reduce or even stop using our products and services altogether."

　　The IT industry is changing dramatically

　　Trying to say protection is not easy

　　According to relevant statistics, the collateral damage caused by experiencing ransomware virus such as downtime, business stoppage, litigation and reputation damage will be more than 23 times the ransom, however, the fast-changing IT environment also puts tremendous pressure on enterprises, which are often overwhelmed by the endless means of attack.

　　

　　This year's sudden new crown epidemic is a stark example. When global enterprises have to carry out telecommuting to keep their business running, it means that it is impossible to ensure that all endpoints are equally well defended, creating a once-in-a-lifetime opportunity for hackers. Some security companies have calculated that ransomware attacks grew 40-fold during February-March of this year, when the new crown epidemic was at its worst.

　　As you can see, ensuring the protection of data has become a business imperative as it grows and becomes increasingly important to organizations. However, there have been significant changes across the IT landscape that have put tremendous pressure on the way traditional data protection services are delivered. New approaches are urgently needed to address the growing data protection challenges.

　　In short, for the next decade, the following four trends will profoundly affect the development of data protection.

　　

　　1

　　The value of data

　　The first trend leading to disruptive changes in data protection is the exponential growth of data, which IDC predicts will soar to 175 ZB by 2025, and enterprises will need to protect the growing volume of data in a consistent, reliable and affordable manner without impacting application performance or compromising data governance, regulatory compliance and security.

　　At the same time, in addition to the proliferation of data volumes, the value of the data itself is being increasingly valued. Companies are finding new ways to profitably use their data to improve the customer experience, enter new markets and increase revenue. In short, as organizations undergo digital transformation, data will not only support their business needs, but data actually becomes the business itself, making data loss completely unacceptable.

　　In fact, data loss incidents are becoming increasingly expensive for organizations of all sizes. According to the Global Data Protection Index (GDPI) survey, organizations that experience data loss have lost an average of nearly $1 million in revenue over the past 12 months. Respondents to this survey cited complexity, skyrocketing costs and lack of data protection solutions for new technologies as the most pressing issues.

　　

　　In short, the mismatch between the need to protect growing data and the challenges faced by organizations is a huge gap that requires significant innovation in this area.

　　2

　　Application Transformation

　　The applications that organizations use and the infrastructure they run on have evolved. We started with vertically integrated mainframes, where hardware, software, networking and applications were all provided by a single vendor, and then progressed to the "open systems" era, where software, computing, networking and storage were divided into separate domains. Entities connected through standard interfaces.

　　We have now entered the cloud-native era. Modern applications are increasingly adopting cloud-native design principles, where monolithic applications are decomposed into stateless microservices that interact with each other through persistent data stores. The code runs in containers or on an ad-hoc basis using the functionality of a "Functions as a Service" (FaaS) platform. This allows developers to focus on "what they want to do" instead of thinking about "how they should do it".

　　In other words, software design is shifting from an imperative to a declarative model.

　　

　　3

　　Distributed Data

　　As the Internet of Things drives intelligence deep into the network edge, the growth of data and IT infrastructure itself will not be limited to data centers and public clouds. From self-driving cars and smart cities to automation on the factory floor, data is being created in every conceivable corner of the globe. This data is stored and analyzed locally without being uploaded to a central data center or the cloud.

　　

　　This distribution of compute, storage and code is not only a game changer for applications, but also for data protection systems, which can no longer rely on a central control server to manage the protection of all entities that make up the application services.

　　If data is collected and analyzed at the edge, then its importance is determined there, and therefore the level of protection required for it needs to be applied there as well. In addition, data is becoming ephemeral and predefined data protection policies may no longer be applicable.

　　An example of this is video feeds from connected cars. Typically, this data is deleted after a short period of time, however, the value of the video increases dramatically if an accident occurs or the car is stolen. In this case, the video should be protected immediately and replicated to the core data center. A traditional centralized data protection control plane cannot manage this distributed environment of thousands of individual endpoints. Therefore, the data protection implementation approach needs to change.

　　

　　4

　　Artificial Intelligence and Machine Learning

　　The fourth trend is the growth of artificial intelligence and machine learning (AI/ ML) technologies. For centuries, machines have served humans, but now we are entering an era where intelligent machines work alongside humans.

　　In the next decade, humans will be more guided by and interact with machines. Digital assistants, navigation systems and self-driving cars are just a few examples. Such new modes of human-machine interaction will not only become the norm in our daily lives, but also in the way we operate IT systems.

　　Users who grow up communicating with Siri or Alexa will become the next generation of application developers and IT system administrators. Solutions deployed in the cloud, data center or at the edge will need to adapt to this change to enable users to interact using natural language and automate most daily tasks, leaving users/administrators to perform advanced guidance and exception handling.

　　

　　Dell Technologies

　　Delivering Four Key Capabilities to Users

　　As we enter the data decade, the increasing use of AI systems is critical to the security, integrity and comprehensiveness of data. Even if only a small portion of the data is contaminated, the resulting AI and machine learning models can be severely compromised. Subsequent decisions made as a result of compromised models can lead to failure and, more likely, financial and reputational damage to the organization.

　　In response to these four trends, Dell Technologies' data protection solutions can provide customers with the following four key capabilities.

　　

　　01 Capability One

　　Dell Technologies' Data Protection is Cloud-Native

　　Industry-leading Dell Technologies cloud data protection solutions have been used by more than 1,000 customers to protect more than 2.7 EB of data in the public cloud. Seamless integration with the cloud ecosystem and marketplace enables users to easily and quickly install solutions such as PowerProtect DD Virtual Edition to efficiently protect applications and data in the public cloud, while significantly reducing costs.

　　

　　In addition, cloud-native workloads that leverage public cloud snapshots can be seamlessly protected using PowerProtect Cloud Snapshot Manager, a Dell Technologies SaaS offering that automatically discovers, assigns policies and protects across multiple clouds public cloud workloads and data across multiple clouds.

　　This year, we are providing industry-first support for Kubernetes container protection on VMware, which enables organizations to deploy workloads on containers on any cloud - private, public or hybrid - and ensure that mission-critical data running on containers is quickly protected and recovered in edge, core and multi-cloud environments.

　　

　　02 Capability 2

　　Dell Technologies is the only vendor to offer a full range of data protection solutions

　　Supporting comprehensive business service protection from the edge to the core to the cloud requires solutions that include backup and recovery as well as disaster recovery. Dell Technologies has leading products in both areas that will eventually be fully integrated into PowerProtect Data Manager.

　　A single product will provide complete continuous data protection capabilities with continuous data protection capabilities to provide extremely robust recovery points and recovery time targets, and automated backup and recovery for protection, compliance and security of mission-critical data assets in hybrid, multi-cloud environments. These capabilities will be further enhanced by our cloud DR offering, where entire workload environments can be recreated in the cloud directly from backup copies.

　　

　　03 Capability Three

　　Intelligent Protection and Recovery

　　Autonomous protection and recovery will free users from the daily burden of data protection management. It all starts with making the underlying hardware infrastructure self-managing. Dell Technologies Group provides this capability through AI/ML-based automation that proactively detects hardware-related issues and provides predictive maintenance and resource management on the Dell EaseUS PowerProtect DD appliance family.

　　

　　We plan to provide increasing levels of automation through AI/ML to analyze data protection usage and policy patterns to better support the policies and SLAs required for edge, core and multi-cloud workloads. This will be built on top of PowerProtect Central, a SaaS platform that collects and analyzes behavior patterns across multi-cloud environments (while adhering to all necessary privacy and security measures, of course).

　　04 Capability Four

　　Data Management and Security

　　Cyber threats are becoming more prevalent. Organizations of all sizes now report that they are frequent targets of malware and ransomware attacks. Protecting data means more than just performing routine backup operations; it also means protecting it from a variety of cyber threats.

　　Dell Technologies Group offers solutions that are integrating data protection (backup) and security into a more comprehensive approach to protecting data. powerProtect Cyber Recovery integrates data protection storage with Air Gap data protection to prevent malicious deletion of backup copies, and malware detection mechanisms to ensure that backup copies are clean and can be restored at any time. Additional enhancements will be made through Dell Technologies' partnerships with VMware, Secure Works and RSA.

　　

　　With a "data first" strategy for the next decade, Dell Technologies has a complete data protection ecosystem with leading data protection technologies and comprehensive third-party partnerships. As we continue to develop agile software, our industry-leading data protection solutions will continue to simplify the protection and security of critical workloads and data in private, public and hybrid cloud environments, while dramatically reducing the cost of protection in the cloud and preparing organizations for the future while easily addressing the full range of data security compliance issues facing enterprises.