存储安全年度回顾

1| ©2024 SNIA. All Rights Reserved. Storage Security – Year in ReviewEric Hibbard, CISSP, FIP, CISASamsung Semiconductor, Inc.2 | ©2024 SNIA. All Rights Reserved. Threat SummaryRansomware with data exfiltration (hybrid attacks)Supply chain attacks (service providers)Cyber attacksCritical infrastructure (nation state actors)HealthcareBanking & finance or government (organized crime)Data breaches (new malware, vulnerabilities, etc.)AI is emerging as a new tool for attackers3 | ©2024 SNIA. All Rights Reserved. Standards and Industry Players4 | ©2024 SNIA. All Rights Reserved. ISO/IEC 27040:2024-01 (Storage security)Comprehensive coverage of storage security Includes both requirements and guidance (includes auditor checklists)Covers organizational, people, physical, and technological controlsDefers to IEEE Std 2883 for media-specific sanitization (old Annex A removed); verification and cryptographic erase clarifiedMany new controls (e.g., IPMI, NVMe-oF, storage systems securit