The Internet might seem like it runs itself, and to a certain extent, it does — at least, that’s the case when everything is programmed correctly and there are no major cyber attacks. But a simple human error has the capacity to take down an entire website. Less frequently, a small error can take down much of the web. That’s what happened with last week’s Amazon Web Services (AWS) error which, surprisingly, had nothing to do with a cyber attack.
Here’s what you need to know about last week’s Internet catastrophe, why it’s relevant to you, and how errors of many kinds, not just security breaches, can undermine web security and stability.
If you tried to get online last week to visit one of many popular websites, you probably found that the site was running slowly, failing to load entirely, or riddled with errors. The culprit, as it turns out, was a problem with Amazon Web Services (AWS). AWS hosts a large array of websites with its Simple Storage Service (S3). Information hosted on the cloud with this service was inaccessible throughout the day, leading to trouble for thousands of companies.
This leads us to the question — what was behind the error? Not a massive cyberattack. Not a threat from Russia or a distributed denial-of-service (DDoS) attack either. The culprit, it seems, was nothing more than a typo.
An engineer pushed the wrong button. Rather than taking a few servers offline, this took all of the company’s servers offline. It turns out that Amazon hadn’t completely restarted its entire system in years, so getting the ill-fated servers back online took longer than Amazon anticipated.
Experts say this could happen to any web hosting service, and that Amazon is still a reliable hosting partner. The problem is that the popularity of AWS means that a disproportionate number of businesses were affected. In other words, many companies use Amazon because it works so well. That means when it fails, so too do they.
AWS is probably more secure than ever thanks to the error. That doesn’t mean we can’t learn anything from the error. One thing we know for sure is that even giants like Amazon are vulnerable to errors that put user content in jeopardy.
This isn’t the first time a simple human error has had catastrophic effects. Amazon’s brief outages in the past have taken out web giants such as Vine and Instagram. Far from being the only company vulnerable to such a disaster, Amazon is joined by companies such as Google and Microsoft, which have also gone offline. Joyent suffered a similar outage to Amazon’s back in 2014.
Human error also extends to cyber attacks. Most cyber attacks are, at their core, attributable to some type of human error. That includes insecure passwords, data leaks, accidental insertion of malicious code, and pure laziness.
Many cyber criminals prey on our tendency toward laziness. With threats everywhere, it’s easy to become desensitized to the very real threats apps and websites face. That’s precisely where vulnerability begins. That piece of code you never checked, the developer you never vetted, and the update your users don’t install… these are all omnipresent human errors that put your site or your application in danger. Criminals look for these vulnerabilities and then exploit them. It’s exhausting to stay on top of every potential attack, and they use this to their advantage.
Major web outages and cyber attacks typically send businesses scrambling to fix that specific error. A malicious piece of code will quickly disappear when it instigates a high-profile attack. But this reactive posture can obscure a larger truth: websites and applications are vulnerable to a host of issues. Many of them are due to human error.
Rather than focusing on the specific typo that briefly took down AWS, it’s important to consider the larger scope of human error. Some of the many ways a simple mistake can undermine site security include:
Human error is inevitable, and sooner or later, it’s likely to affect your site or application. There’s still much you can do to reduce the likelihood that errors will trigger a massive outage or data breach. Try the following: