Attacks are becoming more sophisticated and no matter what size your business is, sooner or later you’re likely to get hacked. But take heed from an expert, and minimise the risks…
Firms of all descriptions know all too well what an attack can be like. Those who were not adequately prepared or did not handle an incident competently are, in some cases, no longer around to talk about it.
Senior Security Manager for Scanit Middle East, Hidayath Ullah Khan, says he has discovered many firms are ignoring the need for even the most basic emergency plans in case of an attack while performing security audits for clients.
"
Some organisations choose to handle security incidents by ignoring the issue altogether," he says.
"Many companies that have been attacked seem to want to forget about it without addressing the security breach itself. But ignorance is never bliss when it comes to IT security, and the incident catches up with the company’s operations before long".
Hackers can freeze companies’ entire online operations in a few hours. The time it takes a firm to get their services back online can mean hundreds of thousands, even millions, in lost revenue.
In early 2004, bookmaker William Hill suffered an attack and then received a demand for $50,000 from a hacker. The company experienced a dramatic fall in online gambling for the duration of the attack.
Many organisations are failing to recognise they’ve been attacked in the first place, or choose to do nothing about it until they are rudely awakened by the effects of the attack, Khan says.
"As an incident handler, I’ve had many opportunities to help companies deal with their security incidents.
"In most cases, we noticed the firms had been ill-prepared to deal with any type of security incidents from the outset, meaning sleepless nights for both parties until their incident was resolved."
And ‘protecting’ corporate systems from attack by using the latest anti-intrusion software or hardware is no longer enough, research shows.
US-based analysts, The Yankee Group, found in June the number of vulnerabilities in IT security products had jumped significantly in the previous 12 months. ‘The number of vulnerabilities for security products is expected to leap 50% if 2005 trends continue,’ it forecast.
In January, the network security firm Mazu Networks found 47 per cent of companies it surveyed had seen their networks attacked in the previous year.
Attacks are now bypassing traditional defences. Scanit has already shown how hackers can attack companies directly through web browsers used by surfing employees. This has shifted the security threat onto home ground.
The age old adage “chance truly favours the prepared mind” is especially true when it comes to dealing with security incidents. The middle of a crisis is not the best time to determine what your company’s next move should be.
Questions like: ‘Should my firm successfully contain the incident and return to business as soon as possible?’ or ‘Should I wait and watch, to gather more evidence to prosecute the attackers?’ are the kinds of career-affecting decisions that should be provided for before an incident arises.
If your organisation is prepared and you know what to do in the event of a security incident, then dealing with it is relatively straightforward.
The best way to prepare for and lower the risk of an incident happening in the first place is to have the resources, policies, procedures, tools and technologies in place, in advance.
Basic essentials to consider are…
Basic essentials to consider are…
- Presumption of privacy: Outlining your organisation’s policy on privacy will dictate whether you can monitor your employees or non-employees’ PCs;
- Warnings: A warning banner on all corporate systems indicating that it is a private system and all activities are monitored;
- Response: Specify whether you intend to involve law enforcement in the event of an attack or deal with any incidents in-house;
- Skills: Your organisation must have trained and skilled resources to handle an incident. An untrained or un-skilled system administrator could inadvertently introduce more risks in the midst of an attack;
- Data Back-up and recovery: Your last clean back-up must be regularly tested so there are no surprises when you need it. Also consider installing software/hardware to detect and prevent attacks.
The bottom line is that preparation is paramount and prevention is better than cure. You will not need to use your emergency plan every day, but there could come a day where you are very thankful you made the relevant provisions for it.
