A Deep Dive into FileMaker Security and Cyber Threats
André Just Vedgren, EngageU 2022
In today’s rapidly evolving digital landscape, cybersecurity is a top priority for businesses of all sizes. Whether you’re managing a small business or overseeing a large organization, the risks associated with data breaches, ransomware, and cyber espionage are increasing. This comprehensive post, based on a presentation given at a FileMaker event, takes a deep dive into the world of cyber threats, the importance of security frameworks like NIST, and practical steps for securing your FileMaker systems. We’ll explore the rise of Ransomware as a Service (RaaS), real-world examples of attacks, and FileMaker’s built-in security features to keep your systems safe.
Introduction to FileMaker Security and the Cyber Threat Landscape
As digital transformation accelerates, so does the prevalence of cybercrime. No longer limited to individual hackers working in isolation, today’s cyber threats are highly organized and incredibly sophisticated. For businesses using FileMaker, understanding the threats posed by cyber espionage, ransomware, and data breaches is crucial. Ignoring these risks can lead to catastrophic consequences, from lost revenue to reputational damage.
This post aims to shed light on the evolving nature of cyber threats, why security is more important than ever, and how you can implement robust security practices in your FileMaker solutions.
Why Worry About Cybersecurity?
Cyber Espionage and Cybercrime: The Major Threats
The Danish Center for Cybersecurity reports annually on cyber threat landscapes, revealing alarming trends:
- Cyber Espionage and Cybercrime top the list as major concerns, especially with attackers targeting valuable business data.
- Cyber Activism remains a lower risk, but its impact is growing in sectors where political or ideological motivations are in play.
- Cyber Terrorism, though currently at low threat levels, could escalate under certain geopolitical conditions.
Real-World Examples: The Devastating Impact of Attacks
Several notable cyberattacks over the past few years have demonstrated just how vulnerable businesses can be:
- NotPetya (2017): Originating from a conflict between Ukraine and Russia, this malware targeted businesses operating in Ukraine. Among the most significant victims was Maersk, a Danish shipping company, which faced catastrophic disruptions. The attack wiped out its directory structure, leaving the company unable to track shipments. Recovery was only possible due to a data center in Africa that was offline and unaffected by the malware. Estimated costs? Hundreds of millions.
- Coop Sweden: In another attack, the supermarket chain Coop was crippled after a supply chain ransomware attack on a third-party system they used. Even though Coop was not the direct target, the impact was devastating as stores were unable to process transactions for several days.
- Techotel: A Danish hotel software provider was struck by ransomware, resulting in total operational paralysis. Hotels relying on their software couldn’t process bookings or manage guests. Techotel was forced to pay the ransom to recover, further fueling the ransomware economy.
These examples underscore how even companies with robust operations can be brought to their knees by cyberattacks.
Ransomware as a Service (RaaS) – The New Cybercrime Model
Ransomware has evolved from sporadic attacks into a well-organized business model known as Ransomware as a Service (RaaS). Criminals can now purchase sophisticated ransomware toolkits on the black market, making it easier for less tech-savvy attackers to wreak havoc on businesses.
The Two Primary Threats from Ransomware:
- Data Encryption: Attackers lock up your critical business data and demand a ransom for the decryption key. Without it, your data remains inaccessible, potentially crippling operations.
- Data Exposure: Even if you’ve backed up your data, attackers may threaten to release sensitive information publicly if you don’t pay. This adds an additional layer of pressure, especially for companies handling sensitive client data under strict regulations like GDPR.
Why This Matters for FileMaker Users
FileMaker databases often hold sensitive business information, making them a prime target for ransomware attacks. If your files are not properly encrypted and secured, you could find yourself at the mercy of attackers.
Cybersecurity Standards – The NIST Framework
So, how do we protect ourselves? One critical approach is adhering to a cybersecurity framework, and the NIST (National Institute of Standards and Technology) framework is one of the most comprehensive options available.
The Five Core Functions of the NIST Framework:
- Identify: Understand the risks facing your systems. This includes identifying vulnerabilities in your network, software, and hardware.
- Protect: Implement safeguards to defend against potential attacks. This includes everything from firewalls to encryption and privilege sets within FileMaker.
- Detect: Set up systems to alert you when a breach occurs. Early detection is critical in mitigating damage.
- Respond: Have a plan in place for responding to an attack. This includes communicating with stakeholders and executing a pre-defined action plan.
- Recover: Ensure that you have a backup and recovery strategy so that you can restore data and resume normal operations quickly.
By following this framework, you can systematically approach your cybersecurity and ensure that your organization is prepared to handle threats.
Implementation Tiers – Measuring Your Cybersecurity Maturity
The NIST framework also introduces Implementation Tiers, which help you assess how well your security practices align with your business needs. These tiers range from Partial (where security is ad-hoc and reactive) to Adaptive (where security is continuously improved based on risks).
The Tiers Are:
- Tier 1 – Partial: Security measures are informal and inconsistently applied.
- Tier 2 – Risk-Informed: Security is considered in decisions, but not yet fully integrated.
- Tier 3 – Repeatable: Security policies are in place and consistently followed.
- Tier 4 – Adaptive: Continuous improvement and integration with real-time monitoring and risk-based decision-making.
FileMaker businesses should strive to move up the tiers as their operations grow, ensuring that their systems become progressively more resilient.
FileMaker’s Built-In Security Features
Authentication and Authorization
FileMaker offers powerful authentication mechanisms, allowing users to access the system using internal FileMaker accounts, Active Directory, or Claris ID. This ensures that only authorized users can access sensitive data.
Privilege Sets
With privilege sets, you can fine-tune user access based on their roles. For instance, you can restrict access to specific layouts, scripts, or records, ensuring that users only interact with the data they are supposed to see.
Data Encryption
One of the key security features within FileMaker is its ability to encrypt data both at rest and during transmission. By enabling encryption at rest, you prevent attackers from accessing sensitive information even if they manage to steal your physical database files.
Server Monitoring
FileMaker Server comes equipped with monitoring tools that allow you to detect suspicious activity early on. This can help you respond to threats before they cause significant damage.
Multi-Factor Authentication (MFA) – An Extra Layer of Protection
Using Multi-Factor Authentication (MFA) significantly strengthens the security of your FileMaker system. MFA requires users to verify their identity using multiple methods—such as a password and a mobile authentication app. Even if an attacker manages to steal a user’s password, they’ll still need the second form of authentication to gain access.
Practical Tip:
MFA is especially useful in environments where FileMaker servers are exposed to the internet. If you’re using WebDirect or Claris Connect, MFA can act as a critical barrier against unauthorized access.
Encryption at Rest – Protecting Local Files
Encryption at rest is one of the most critical security features for FileMaker users. Without encryption, it’s surprisingly easy for attackers to open a FileMaker file and gain access to its contents if they manage to obtain the file through physical theft or a server breach. Encrypting your FileMaker files with a strong passphrase makes it significantly harder for unauthorized users to open your databases.
Securing File Access – Avoiding Simple Mistakes
Even if you’ve separated your data files from your interface files, unauthorized access can still occur if permissions are not managed correctly. FileMaker’s file access authorization allows you to restrict which files can reference data from other files. Make sure to enable Require Full Access Privileges to Use References to This File to prevent breaches via unauthorized external files.
Security by Obscurity – Not a Viable Option
Some developers rely on security by obscurity, which means hiding sensitive data rather than securing it. For example, fields or layouts might be hidden from users but not truly restricted. This approach is risky because advanced users can export hidden data or use tools to bypass hidden layouts and view restricted information. True security requires encryption and proper access management, not simply hiding elements.
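The difference between hiding a field and restricting it can be shown with a small model. This is an added example, not FileMaker code and not from the presentation; the table, field names, and functions are hypothetical stand-ins for a layout, an export, and a privilege set.

```python
# Toy model, not FileMaker code: all names here are hypothetical.
from dataclasses import dataclass, field

# Constructed sample table: "salary" is the sensitive field.
TABLE = [
    {"id": 1, "name": "Ada", "salary": 91000},
    {"id": 2, "name": "Bo", "salary": 78000},
]

@dataclass
class PrivilegeSet:
    """Field-level read rights, checked where data is read (default deny)."""
    name: str
    readable: set = field(default_factory=set)

    def can_read(self, fld):
        return fld in self.readable

FULL = PrivilegeSet("full", {"id", "name", "salary"})
CLERK = PrivilegeSet("clerk", {"id", "name"})

def render_layout(rows, layout_fields):
    """UI view: shows only the fields placed on the layout."""
    return [{f: r[f] for f in layout_fields} for r in rows]

def export_obscured(rows, requested):
    """Hiding only: the export reads the table directly and never
    consults the layout, so any field can be requested."""
    return [{f: r[f] for f in requested} for r in rows]

def export_enforced(rows, requested, pset):
    """Same export, but every field is checked against the privilege set."""
    denied = [f for f in requested if not pset.can_read(f)]
    if denied:
        raise PermissionError(f"{pset.name} may not read: {', '.join(denied)}")
    return [{f: r[f] for f in requested} for r in rows]

if __name__ == "__main__":
    print(render_layout(TABLE, ["id", "name"]))        # salary not on screen
    print(export_obscured(TABLE, ["name", "salary"]))  # but still exportable
    try:
        export_enforced(TABLE, ["name", "salary"], CLERK)
    except PermissionError as exc:
        print("blocked:", exc)
```

The layout and the export are separate paths to the same table, so only a check placed on the data read itself covers both.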
Responding to a Ransomware Attack – Keep the Server Running?
One of the most important takeaways from recent research is that in the case of a ransomware attack, you shouldn’t immediately shut down your FileMaker Server. Here’s why:
- Ransomware tools often target files on disk, encrypting them once the server is offline. If the server remains running, however, live FileMaker files are locked and typically cannot be encrypted while in use.
- Before taking any drastic action, save your live files. This can be the difference between being able to recover your data and losing everything to encryption.
Conclusion – Security Is a Continuous Process
Cybersecurity is not a one-time project but an ongoing effort. It’s crucial to regularly review and update your security practices to keep pace with emerging threats. By adhering to frameworks like NIST, leveraging FileMaker’s built-in security features, and remaining vigilant, you can significantly reduce the risk of a cyberattack.
Remember, the most secure systems are those that evolve and adapt. Continuous improvement, constant vigilance, and proper planning are the keys to protecting your business from the growing cyber threat landscape.