If you Knew you Were Going to be Attacked, What Would you do Differently?
News | 14 Aug 2013
Recent reports have found that cyberattacks against U.S. corporations are on the rise, along with an increase in international threats, especially from China, and emerging threats to small businesses. Today, it’s not a matter of if an organization will be the victim of a cyberattack, but when. If you knew you were going to be attacked, what would you do differently to prepare your infrastructure? Here are the most important steps you should take when protecting your organization. Dedicate Budget When budgets are tight, money is funneled towards the revenue generating parts of the business, and security is placed on the back burner. Smaller organizations especially do not think they will be attacked and do not understand the value of security. They also often lack knowledgeable staff, training and resources. It is necessary for organizations of all sizes to dedicate sufficient resources to training and hiring IT staff, or to outsource their security needs to a third-party provider. Assess Your Risks It is important for organizations to have a clear view into the risks facing them. Some organizations might want to consider partnering with a consultant that can perform an audit and assess their risk profile. Then, the organization can put a plan in place to protect itself. Take Action Once you have identified the threats facing your organization, put the right technology and best practices in place to prevent them, for example:Put up firewalls Upgrade code Don’t forget about PCI certification: PCI is evolving and requirements will probably become stricter in the future.
PCI certification can mitigate the risks to systems that store or transmit credit card data. There are also several low-cost best practice solutions that can help you to substantially mitigate long term data loss and exposure. These include: Staff Training Virus / Malware Updates System Patching Open source detection tools: IDS / IPS File integrity monitors Application penetration testing Source code review Incident Response planning and training Be Proactive The threats to the organization are constantly evolving, and the security team needs frequent training to stay up-to-date on the latest risks. For example, financially-driven attacks have become a huge issue recently, as are new phishing attacks, viruses, worms and Trojans. For example, the Downloader.MDW, better known as Dialer.XD, forces affected computers to generate a large amount of network traffic activity with the consequent consumption of bandwidth. It carries out actions that decrease the security level of the computer and uses anti-monitoring techniques in order to prevent it from being detected by antivirus companies. It also spreads across the Internet while being downloaded by other malware. Also, the Linux.Apaback is a Trojan horse that modifies network traffic and opens a back door on the compromised computer. Although this Trojan is considered low risk as it is easily mitigated and removed, an unsuspecting organization caught off guard can be entirely compromised by allowing such a threat to exist. In order to stay informed, IT staff should participate in security focused events, subscribe to mailing lists, and talk to their peers. Organizations should ensure that they have the latest patch versions. They should constantly scan for threats and plug vulnerabilities in a timely manner. Beyond the IT department, basic security training is important for all staff. For example, all employees should understand password requirements and complexities. Conclusion In the security business, the good guys need to be prepared 100 percent of the time, and the bad guys only need to be right once in order to cause major damage. By following this checklist, you can help ensure that your business is prepared. About the Author: Bill Wheeler is Global Director of Security & Compliance Practice at Zensar