Joseph Assaf Turner
The Next Cyber Attack is at Your Doorstep
A Frightful Scenario
Imagine that tomorrow at 9:30 PM your website is attacked and defaced. The beautiful landing page whose design and content you spent weeks and months on now shows an offensive image, plays vile sounds, exposes sensitive information about your company or clients, and maybe even spreads malware to people visiting your website.
How long would it take you to know it happened?
How long would it take to make an actionable decision and to find the employee to perform that action?
How long would it take the company to come up with a backup or recovery plan?
Would you have an incident response team ready to take action?
Would you inform customers right away or wait for forensic results? What about suppliers? What about regulators? Stakeholders?
Would you have a team look for deeper impact on your network, viewing the defacement attack as a smokescreen?
This is what happened last night (April 3, 2018) to many municipal and healthcare facility websites as part of an organized hacktivist attack. Monitoring these websites, you could easily see that some organizations had contingency plans in place and had their websites back online in a matter of minutes, while other organizations are still at a loss for decisive action, their websites down or defaced for hours.
No matter how well protected your networks or websites are, the hard truth is that nothing is “unhackable”. Some systems are harder to hack than others, but there is no such thing as 100% secure. Period.
Faced with this statement, I’ve heard quite a few clients respond in obvious discouragement: “So what are we doing here? Let’s close up shop”.
The answer is simple - even though we may not be able to completely stop an attacker, we can:
1. Identify: Know who the enemy is, when and how to expect an attack.
2. Detect: Take measures to ensure quick detection of foul play in your systems with as much information about the ongoing attack as possible.
3. Protect: Make your systems harder to breach so that an attack takes longer, or even discourages the attacker completely.
4. Respond: Create, enforce and practice response procedures consisting of acquired and sourced skills.
5. Recover: Create and practice recovery plans according to specific organization assets and processes, severity of expected damage, regulation etc.
The good news is that despite the cyber security skill gap, there are still many great cyber security professionals who are ready to come in and help you take the necessary steps toward getting your company to a good cyber security posture.
If you’re committed to properly managing your company’s cyber-risk – contact us now