Going on the Offensive—Standing up against Cyber-Attacks
Pat Clawson - July 28th, 2011
After the explosive March hack that infiltrated over 24,000 key files, Pentagon officials are ready to change their strategies regarding U.S. cyber security. While the incursion was one of the worst single incidents the U.S. Department of Defense has ever seen and may impact the design of the U.S. weapons system, it’s just one in a series of cyber attacks our country has experienced this year.
So, how can we take a stand against the hack-happy bad guys? What can we do take back our systems and prepare for the dreaded day when our own systems get hacked? For starters, say goodbye to the “I didn’t know it could happen to me” excuse. And, try these five steps as a starting point:
- Align your security efforts with where the hacks are happening. Recent incidents serve as a profound reminder that we are continuing to spend money in the wrong places. Market research firm Technavio reports 70 percent of security threats are targeted at the application layer of an organization, yet according to Verizon Business, only 10 percent of security budgets are spent on securing this layer of a company. We need to refocus our budgets in order to align them with the importance of effective cyber-attack plans. You wouldn’t spend $100 dollars on windshield wipers and $10 on your brakes, would you? Your application layer is the foundation to your process-to-process communications, ensuring that each application run communicates effectively with another application and if we know that threats are aiming for it, then that’s where we need to focus the majority of our resources.
- Prioritize your IT assets. Approach your cybersecurity with the notion of Murphy’s law — if it can be hacked, it will be hacked. Nothing is 100 percent secure so what you should do is hope for the best and prepare for the worst. All employees and IT assets are not created equal. There are certain employees and certain devices that contain more sensitive data than others; thus, a proper security plan needs to put more emphasis on strategic assets, as opposed to treating all IT assets equally.
- Educate company employees. Security breaches will happen to every company at some point in their lifespan and typically, the breaches occur due to careless behavior by employees, as opposed to a sophisticated, well-thought out attack. People will always be the weakest link and the best way companies can prevent security breaches is by educating their employees on the evolving basics of smart security habits.
- Take a layered approach. We are a nation that thrives on the one-stop shop methodology and cybersecurity solutions only further emphasize our need for a pain-free strategy. Unfortunately though, there isn’t a technology on the market that will solve all of your security needs. Instead, companies need to implement a “defense-in-depth” approach with a platform that includes anti-virus, patch management and application control. All of these solutions must talk to each other in order to be successful.
- Realize security is also a Mac issue. These days, security breaches affect every type of device—including Macs. While attacks may not have been prevalent in Macs in the past because there was less to financially gain from hacking smaller-market-share Mac users, consumerization has had a deep impact on security and the enterprise. Within the past three years, more Macs (and social applications) have entered the corporate environment than ever before, and there is plenty to gain from hacking these systems, especially now that VMWare can virtualize both Windows and Macs.
Ensuring organizations and people remain secure is never an easy feat. There are protocols and guidelines that have to be considered, and I understand firsthand what you are up against when you begin to implement a proactive plan of attack. Making sure your leadership team realizes the company is vulnerable is step number one. Then, take the initiative, educate your team and company users, and stand ready to go from defense to offense.