By 9 October 2024 | Categories: news


By Peter Dempsey, EMEA Key Account Manager & Data Centre Lead at Axis Communications

For cybercriminals in South Africa and around the world, data centres represent lucrative opportunities, whether it is in stealing data, deploying ransomware, or disrupting critical systems. Data centres represent a huge number of systems, processes, and hardware devices, and a chink in the armour of any of these is all it takes for extensive damage to be done. If it can be exploited, it will be – and there are many potential avenues of entry.

Over 20,000 data centre infrastructure management (DCIM) systems have been found publicly exposed, and these could allow an attacker to disrupt a data centre by altering temperature and humidity thresholds. Some UPS systems have also been found to be vulnerable, giving hackers access to data centre power. Data centres are filled with Internet of Things (IoT) devices, which could act as attack vectors. As South Africa’s market continues to grow, it is expected to generate $471 million (R8.6 billion) in revenue in 2024 and be worth over $1.1 billion (R20 billion) by 2029 [1]. Operators must be aware of their vulnerability and strive to protect every part of their infrastructure.

The threat of undercover attacks

Many data centres could already have been silently compromised. Attackers are increasingly deploying sophisticated ‘living off the land’ (LOTL) attacks, which make use of the core tools of computer systems rather than installing their own malicious files. This kind of infiltration is difficult to spot and can stay undetected for years until the bad actor is ready to strike [2].

These actors can be major entities. In many cases, LOTL payloads originating from state-sponsored agents have been found lurking on critical networks. For example, in the UK, the National Cyber Security Centre (NCSC) has implicated a state-sponsored hacking group, APT31, in attempting to target a group of MPs. APT31's list of other targets extends to the UK economy, critical national infrastructure, and supply chains [3].

This highlights the need for data centre managers to take a proactive approach to security, one which does not simply lean on known cybersecurity principles but employs active monitoring and strict due diligence. It is also especially important in today’s regulatory environment – an environment that’s rapidly evolving. South Africa’s National Cloud and Data Policy, recently published in its final form by the government, aims to ensure data privacy and security on top of efficiently managing and utilising it through cloud computing technologies [4].

Vulnerabilities in supply chains

If an attacker cannot infiltrate a data centre through direct means, it may attempt to inject a malicious payload on equipment yet to be deployed. IoT devices are fertile ground for criminals; they are network-attached by default and often not inspected with the same level of detail as more obvious attack vectors would be. As with LOTL payloads, malicious IoT devices may simply hide in plain sight because they allow attackers to piggyback on implicit trust.

Companies across South Africa remain dangerously unprepared for attacks. According to the Cisco 2024 Cybersecurity Readiness Index, just 5% of surveyed companies rank at the ‘mature’ level of readiness, while nearly three-quarters of companies said they anticipate a cybersecurity incident could disrupt their business in the next 12 to 24 months [5]. There is no longer any way to justify any implicit trust; vendors must demonstrate the security and purity of their supply chain in detail and take action to ensure that unauthorised modifications do not happen. Data centres, in turn, must reevaluate every vendor relationship to ensure they are not compromised.

Thankfully, modern technology allows suppliers to demonstrate the legitimacy of their hardware quite cleanly. Trusted platform module hardware protects signed firmware, offering confidence in a device’s integrity along the chain. Secure boot prevents unauthorised firmware from running at all. Some devices can store cryptographic keys and certificates securely within, strengthening their security credentials while simplifying the process of managing one’s defences.

Conducting due diligence

Strong physical security through cameras, thermal and radar detection, and access control is clearly vital to data centres as an attacker on site could cause untold disruption. But logical security is just as vital to ensure attackers do not reach one’s site virtually. Every piece of hardware and software, whether within the scope of the regulations or not, should be catalogued, analysed, prioritised, and documented on a regular basis.

Compliance needs to be substantiated with a clear record – and vendors must supply this too. No supplier of any value would wish to issue anything that is not on the level; working with vendors that care about their products is the path for data centres in South Africa to accelerate digital transformation and create a smarter, more secure digital landscape.
