As the web connecting all of us grows ever more complex and our reliance on its operation more complete, so does the risk of cyber-security threats creating major crises. Like it or not, the Internet has become the hub that much of our world revolves around.
As with many powerful tools, the Internet can be a double-edged sword. Fortunately, there are five practical steps organizations can take to minimize the risk and impact of an information security breach.
Everyone is at risk for "hack attacks"
Hacker group Anonymous has put a face on this threat over the past couple of years, making headlines for targeting organizations ranging from corporations to government offices. The group has been responsible for attacks on the US Pentagon, UK government agencies, news media, and religious organizations. They even threatened to destroy Facebook.
In one 2011 attack, the group took down the websites of the Orlando, Florida Chamber of Commerce and placed a message on the Universal Orlando Resort website that asked page visitors to “boycott Orlando,” sowing confusion among potential travelers to the tourist region. In another, the private email of a US Presidential candidate was hacked and the password leaked through an online forum.
The hacking of Sony’s PlayStation Network, one of the most widely publicized attacks in recent memory, has been attributed to several different sources, but whoever the culprit, the end result was the largest data breach in history, with personal details from some 77 million user accounts stolen and Sony’s service put out of commission for a full month. Sony told PC Magazine that total costs stemming from the PlayStation Network hack were expected to reach $171 million.
For a more recent example, look no further than payment processing firm Global Payments. According to CNN, an April data breach resulted in hackers gaining access to 1.5 million credit and debit card numbers. Besides the obvious reputation hit, Global Payments was also removed from at least one credit card issuer’s preferred list as a result, raising operating costs even further in the midst of an already costly crisis.
Governments attempt to lend a hand
In an effort to protect organizations from the danger of online threats, intelligence agencies like the UK's Government Communications Headquarters (GCHQ) have begun to create programs to assist with cyber threat prevention, as well as recovery after these potentially devastating attacks. Here's a description of the GCHQ's new Cyber Incident Response program, from an Information Age article:
In a statement, GCHQ said that while the scheme is primarily aimed at the public sector and organisations forming part of the UK's critical national infrastructure, the service may also be of use to the private sector.
“The companies will respond to an incident by analysing and then containing the incident, and then cleaning it up,” a GCHQ spokesperson told Information Age. “They will then produce an incident report describing the incident and recommend actions to prevent a recurrence.”
The U.S. was among the first to adopt a formal cyber security initiative, 2008’s Comprehensive National Cybersecurity Initiative (CNCI), and laid out its goals in a White House press release:
To establish a front line of defense against today’s immediate threats by creating or enhancing shared situational awareness of network vulnerabilities, threats, and events within the Federal Government—and ultimately with state, local, and tribal governments and private sector partners—and the ability to act quickly to reduce our current vulnerabilities and prevent intrusions.
To defend against the full spectrum of threats by enhancing U.S. counterintelligence capabilities and increasing the security of the supply chain for key information technologies.
To strengthen the future cybersecurity environment by expanding cyber education; coordinating and redirecting research and development efforts across the Federal Government; and working to define and develop strategies to deter hostile or malicious activity in cyberspace.
While it’s promising to see governments stepping up to offer cyber security assistance, responsibility for protection still very much rests on each individual organization’s shoulders. It’s your data, your network and your customers or constituents that will be affected when your system gets hit. That’s why it’s critical to have cyber security response plans and tools in place and ready to roll.
How do you prepare?
1. Take responsibility
First, boards and senior management must take responsibility for crisis prevention and crisis response. This means approving spending for training, as well as springing for any necessary hardware, software or personnel.
2. Employees must be educated
They are your first line of defense, so giving them a thorough lesson in information security is critical. A huge percentage of so-called hacks are achieved not through amazing feats of computer work, but by exploiting weak passwords and using social engineering—the art of manipulating people into performing actions or divulging confidential information.
3. Create a team to monitor and respond
If your IT staff is overwhelmed with normal responsibilities such as infrastructure maintenance and fixing problems, how will you ever catch a data breach in action? Even if you did, would anyone there know how to shut the floodgates? With cyber security risks, a few seconds of vulnerability could literally mean millions of dollars in data lost.
4. Know what to do when you're hacked
A talented attacker may be capable of bypassing even well-crafted protections without triggering alarms. Because of this, a response team must be designated that can make the big decisions and pull the trigger with a minimum of information and next to no time to operate.
Regular meetings and simulations will help team members to know their responsibilities, iron out kinks in plans and develop the type of working relationship required to negate threats presented by coordinated and fast-moving Internet assailants.
5. Disclosure and transparency are essential
When you realize you have a problem on your hands, you need to let stakeholders know exactly what’s happened, how you plan to fix it, and perhaps more importantly, how you will prevent it from happening again.
The ability to recognize crisis management risks and adapt to defeat them is a hallmark of successful companies. As both the public and private sectors integrate their operations even further into the Web with cloud-based solutions and global social networks, diligence and a healthy investment in preventing cyber security risks are critical needs.