Is Your Business Safe? Lessons From 4 FTP Hacks

Are you still using FTP (File Transfer Protocol) inside your business? If the answer’s yes, back away from your keyboard slowly and get in touch with your IT guys, pronto! FTP has long been slated by those in the know as a vulnerable system prone to breaches. Once the hackers are in, you’re done for. Your sensitive data, your staff’s sensitive data and most importantly your customers’ and clients’ sensitive data – all of it, compromised and in the hands of hackers with less than noble intentions.

There are an awful lot of FTP hacks going on at the moment and, with FTP getting a pretty public bashing, even formerly backwater businesses are finally getting on top of their IT security and looking for a safer FTP alternative like Thruinc. In the face of so much public FTP vulnerability, a raft of alternative options are now springing up, battling to become the most convenient and most secure file transfer alternative for businesses of all shapes and sizes.

But, if you’ve still not done your research or called in your IT team, here are a few very good reasons to abandon FTP and move on to safer pastures…

A worsening situation

According to Risk Based Security, over 822 million records were exposed as a result of data hacks in 2013, double the number of 2012. Although not all of these data breaches will have occurred via FTP, this protocol is far and away the most common way for hackers to get access to sensitive information.

Are you a non-believer?

All too often, business owners and IT managers become complacent about their online security. Among SMEs in particular there is a strong feeling of “Oh, I’m small fry, who would want to hack me?” This is a fallacy. All customer information is valuable and, the weaker your security, the more susceptible you are to attack. Don’t believe me? Here are a few big hacks from the past year or so to demonstrate the dangers of relying on FTP.

August 2014 – Huge Russian hack

Already thought to be one of the biggest hacks ever, this is a story which is still coming to light. It was perpetrated by a Russian cybergang calling themselves CyberVor (Vor translates as Thief in Russian), and the gang is thought to have stolen over 1.2 billion username and password combinations from companies all over the world and the web, along with 500 million email addresses.

Overall, 450,000 websites and FTP sites are thought to have been robbed of their data, although names and details have not yet been released as these companies may still be vulnerable to attack. According to Hold Security, who have been investigating the hack secretly for months, the hackers “didn’t just target large companies; instead, they targeted every site that their victims visited.” Clearly, being “small fry” will not protect you if your FTP is vulnerable.

July 2014 – Wall Street Journal, Vice Media, Metro US

The WSJ was the final US online publication to get hacked via FTP in a month which saw both Vice Media and Metro US fall prey to a hacker calling himself w0rm and also rev0lver. The hacker then posted an image of the WSJ database and offered to sell access to this information at the cost of 1 bitcoin (approx. £363.00). The same hacker is believed to have attempted to sell FTP credentials to a BBC-owned server in late 2013.

July 2014 – Doctor Who

And it’s not just sensitive customer data which hackers are interested in. In July 2014, the BBC were forced to issue an apology after hackers broke into the company’s Miami FTP server and gained access to future episodes of cult TV series Doctor Who.

February 2014 – FTP credentials circulated

Here’s an incident which perfectly illustrates just how vulnerable FTP sites are to attack. Back in February, hackers gained access to over 7000 FTP site credentials, including those belonging to the New York Times. The hackers then made these details public on the web – prime for further FTP hacks. UNICEF, who are also believed to have had their credentials published, stated that their affected FTP application had been disabled and that they would be switching to a more robust system.

This is good news for UNICEF and those who have details stored with them, but what about the millions of other online businesses still working with FTP? Will you be making the switch soon? What IT security snafu has most alarmed you? Share your thoughts with readers below.


About Lee

Travel lover. Internet guru. Friendly troublemaker. Certified pop culture buff.