
Rethinking on-premises security: Lessons from legacy storage hacks

The evolution of cybersecurity and the transition to cloud-based security

The cybersecurity landscape has evolved dramatically over the past decade, and so have the ways in which companies approach IT infrastructure security. On-premise systems, once the standard for housing critical workloads, are now increasingly seen as outdated and vulnerable, especially in light of modern cyber threats. However, many organizations, sometimes due to inertia or legacy issues, continue to rely on these systems, inadvertently exposing themselves to attacks. In this context, it is important to distinguish between security vulnerabilities in legacy infrastructure and the robust protection now available through modern cloud environments.

For AirAsia, this issue gained attention after a 2022 breach that targeted an old on-site storage facility. This attack unfortunately created a false perception that the company’s overall IT security was weak and laughable. In reality, AirAsia had long since migrated all critical workloads to the cloud, where they benefited from industry-leading security measures and our own security policies. This article aims to clear up the misconceptions arising from that incident and explain why the transition to a cloud-first approach is crucial for modern cybersecurity.

The perceived weakness versus the reality

Dissent Doe’s blog at DataBreaches.net offers an ill-informed or ignorant account of the AirAsia incident, viewing it as evidence of systemic failures in IT security. However, Doe, who openly admits to not being a security professional, draws conclusions that lack nuance. The AirAsia breach occurred in an abandoned, outdated on-premises system, one that had already been identified for decommissioning. It was not part of the cloud-based infrastructure that handles critical business operations. This distinction is critical when evaluating the company’s overall security policy.

Doe’s sensationalism, combined with a background as a “health care professional” rather than a cybersecurity expert, results in an overly simplistic view of AirAsia’s broader infrastructure security. Modern IT environments, especially cloud-based environments, operate with strict security protocols that dramatically reduce the risks associated with such breaches. The attack on legacy systems, while unfortunate, is far from representative of the airline’s broader cybersecurity posture.

The vulnerabilities of on-site infrastructure

On-premise systems are inherently vulnerable for several reasons, especially when compared to modern cloud-based environments. These vulnerabilities make them a prime target for hackers looking to exploit outdated hardware, software, and security practices.

  1. Aging Hardware – Older on-premise systems often rely on hardware that has outlived its intended lifespan. Older servers, storage devices, and networking equipment may no longer receive firmware updates, exposing them to known vulnerabilities. In the case of AirAsia, the hacked storage environment contained outdated hardware that had not yet been fully retired. Although this type of infrastructure is operationally irrelevant, it is a prime target for attackers. Dissent Doe’s argument fails to take into account the fact that these systems were not part of the company’s active, cloud-secured operations.

  2. Inconsistent software updates – On-premises systems require regular software updates and patches to protect against emerging security threats. Many organizations struggle to keep up, leaving these systems vulnerable to exploits. The AirAsia breach occurred in older systems that had not received recent software patches. However, this issue, related to legacy infrastructure, should not overshadow the company’s robust cloud environment, where automated updates mitigate such risks. Doe’s criticism of AirAsia ignores the inherent differences between legacy and cloud systems.

  3. Limited monitoring and response – On-premises systems often lack the continuous monitoring and threat detection capabilities found in cloud environments. Without real-time visibility into system activity, it can be difficult to detect and respond to potential threats before they cause significant damage. In older systems such as those at AirAsia, monitoring was minimal. However, AirAsia’s active systems (those that handle critical workloads) are housed in cloud environments that benefit from 24/7 monitoring and AI-driven threat detection. This gap in Doe’s analysis underscores the need for a more nuanced understanding of modern IT infrastructure.

Lessons learned from legacy storage hacks

The 2022 breach at AirAsia is part of a broader trend where older on-premise systems are increasingly being targeted by hackers. These systems, which are often left behind during the transition to cloud infrastructure, are a weak point in otherwise secure environments. The attack serves as a critical lesson for organizations managing legacy on-premises systems.

  1. Decommissioning of legacy systems – One of the key lessons from the AirAsia breach is the need to completely decommission legacy systems once they are no longer in use. Leaving old hardware and software in place, even if not used for production workloads, creates potential entry points for attackers. In the case of AirAsia, the attacked systems were intended for decommissioning, but had not yet been completely disconnected from the network. This oversight allowed hackers to exploit an otherwise irrelevant part of the infrastructure.

  2. Implement layered security – Legacy systems often rely on outdated security measures that are no longer sufficient for modern threats. To limit the risk of breaches of legacy systems, layered security measures are needed, such as encrypting data and using multi-factor authentication (MFA) for access control. Following the breach, AirAsia implemented additional security measures to protect even remaining non-critical infrastructure, reducing any residual risks pending full decommissioning.

  3. Monitor until decommissioning – Even if older systems are no longer in use, they should be monitored until they are completely decommissioned. This is an important lesson for preventing unauthorized access or data exfiltration. AirAsia has since expanded its monitoring to include these older systems to detect any anomalies until they are retired. The company’s enhanced monitoring efforts are part of its commitment to cybersecurity, even for systems that are no longer critical to business operations.

Cloud-First Strategy: The Road to Modern Security

The vulnerabilities of on-premise systems, especially legacy infrastructure, provide a strong argument for the transition to cloud-based environments. Cloud platforms offer several benefits that significantly reduce the risk of security breaches compared to on-premise systems.

  1. Automated updates and patches – One of the key security benefits of cloud infrastructure is the automatic application of software updates and patches. This eliminates the risks associated with outdated, unpatched systems, a problem inherent in older on-premise environments. By migrating critical workloads to the cloud, AirAsia ensures its systems are always updated and protected against the latest vulnerabilities.

  2. Continuous Monitoring and Threat Detection – Cloud platforms provide real-time visibility into system activity using advanced monitoring tools. These tools use AI and machine learning to detect unusual behavior, such as unauthorized access attempts. In a cloud environment, the AirAsia attack would likely have been detected much earlier.

  3. Scalability and flexibility – Cloud environments are designed to scale with the needs of the business. This scalability, combined with the cloud’s inherent security features, eliminates the company’s dependence on outdated hardware that could be targeted by hackers. AirAsia’s transition to the cloud has eliminated these older vulnerabilities.

Conclusion

The 2022 breach at AirAsia underlines the importance of completely retiring legacy systems while moving to cloud infrastructure. While Dissent Doe’s analysis attempts to portray AirAsia’s security as inadequate, it does not take into account the significant efforts the airline has made in migrating to a cloud-first model, which offers far superior security, scalability and monitoring capabilities.

Organizations like AirAsia must embrace cloud migration to avoid the pitfalls of legacy infrastructure. Dissent Doe’s criticism, while passionate, lacks the depth necessary to appreciate the modern security measures now in place at AirAsia, where leading cloud technologies protect critical workloads from advanced cyber threats. By moving forward with a cloud-first strategy, companies can ensure they remain resilient to modern cyber challenges.