The recent cyber attacks against US federal agencies underscore a concept that each JACADIS client is taught early on: “Prevention will fail.” It is at this point that you must be able to detect and respond. Failing to do so may severely increase the impact of the event.
The objective of this post is not to call out the Fed’s inability to thwart a large-scale distributed denial-of-service (DDoS) attack. Rather, my goal is to emphasize the importance of knowing when your systems and networks are under attack and how to respond. During an attack is not the time to discover you have no idea who is attacking your organization. Similarly, you should not be wondering whom to contact for help, whether for security expertise or to have your ISP block the attacker upstream, while you’re being hammered by a DDoS attack. Answers to these questions should be known, documented as processes, and tested to ensure they can be followed when a real incident happens.
Risk analysis and threat modeling are critical success factors in planning for security incidents. This does not need to be a difficult or expensive process. Self-directed models, such as OCTAVE Allegro, enable organizations to achieve sufficient risk and threat assessment results with minimal time or cost investment. There will be more attacks; perhaps your systems will be part of the bot network that attacks our nation’s infrastructure. Start evaluating now how this might happen, what you can do to prevent it, how you will detect it if prevention fails, and what resources you’ll need to respond.
Si