Recent compromised file transfer protocol servers at The New York Times and other organizations illustrate the ongoing nightmare of using suboptimal network security. Although managed file transfer has long proven its superiority over FTP document sharing, many organizations continue to allow their data integrity to hinge on a legacy model. As cyberthreats become more sophisticated, organizations have to become more proactive. There's simply too much at stake otherwise.
Cybersecurity firm Hold Security recently discovered hackers circulating credentials swiped from more than 7,000 FTP sites, including servers used by The New York Times and UNICEF, reported Computerworld contributor Jeremy Kirk. These lists, spotted in underground forums, were used to upload malicious files to FTP servers, including scripts written in the PHP programming language. They also put fraudulent file on FTP servers with malicious links embedded. Once clicked, these links would take users to scam-laden websites. The group responsible for the attacks has not yet been identified.
The problems with FTP
The compromised data reiterates the shortcomings of FTP. Kirk wrote that the nature of the compromise suggests that hackers were able to bypass passwords, which in some cases were complex and in accordance with best practices. Instead, they might have installed malware directly on computers. To achieve this, they would have exploited FTP operations, in which a Web browser automatically logs into the FTP site if it has a link with the right credentials. Hackers can put these links in targeted, tailored spam emails. An .html file found in one of the Times' FTP servers supports this conclusion.
Only one employee has to be fooled to put a network security compromise in play. Email has always been a source of enterprise vulnerability and IT headaches, as it is the easiest place for an inattentive or gullible user to trigger a domino effect on the network. The ever-changing nature of digital workplaces adds new wrinkles all the time. The latest impediment is news that more than half of consumers only read emails on mobile devices, according to Yesmail Interactive.
The bring-your-own-device movement has helped collapse the distinction between consumer and worker. Employees do not suddenly abandon their personal preferences when they come to work. This is especially true when it involves email, for which convenience and immediacy are key. Coupled with hackers aggressively targeting mobile users, it's a disaster waiting to happen.
FTP simply falls short for the digital realities of many companies. It was designed to facilitate ease and efficiency of file transfers, not make them more secure. Today, it's impossible to separate pace from protection. In fact, many attack types that regularly compromise FTP servers - spoof, bounce and brute force attacks among them - rely on the fact that users are probably more concerned with getting things done fast than getting them done safely.
The advantages of managed file transfer
For companies still walking the FTP tightrope, a managed file transfer solution is long overdue. Every company should be working toward centralized, granular oversight, something managed file transfer offers in spades. There are simply too many blind spots and latent vulnerabilities in FTP, an issue when it comes to compliance and archival efforts.
Here are some of the top benefits of investing in a managed file transfer solution:
- Security: It can't be overstated how important adequate information protection is to every facet of a business. A variety of state-of-the-art authorization and multifactor authentication features confirms identities before allowing transfers to take place. Firewalls, SSL session breaks and validation controls form a protective shield around a company's network.
- IT Support: Responsibility for security in the face of rapidly expanding network and infrastructure environments can put a lot of pressure on IT. Managed file transfer provides the automation of some key protective tasks, reducing daily IT workloads. It also provides more structure for companies that support remote workers and freelance operators. Providing these far-flung and temporary workers with a secure file transfer environment can be an IT headache, but can be solved with better file transfer infrastructure.
- Compliance and auditing support: Many industries, including healthcare, finance and education, are dealing with stricter compliance and auditing in the wake of several recent high-profile data breaches. Managed file transfer provides more visibility into the entire process, allowing companies to wield more comprehensive records transparently to eliminate compliance and auditing blind spots.
If you liked this article, Lightwell has more: