Effective Cyber Attack Response Requires Planning and Preparation

Your networks are under siege. A virtually endless array of vulnerabilities and exploits, together with an arsenal of tools that automate reconnaissance and attacks, means that you have to actively defend your servers, apps and data 24 hours a day, 7 days a week, 365 days a year. If and when an attacker penetrates your defenses, though, the key to minimizing the damage and restoring normal operations lies in effective planning and preparation.

Paul Fletcher, cyber security evangelist for Alert Logic, and Frank Shultz, managing director at BC in the Cloud, recently co-hosted a webinar highlighting the importance of business continuity and disaster recovery planning. The session, titled “Preparing for Cyber Attacks…Expect the Unexpected,” covered a range of subject matter from the impact a cyber attack can have on a company, the importance of having a business continuity and disaster recovery plan in place, how business continuity planning tools and cloud security software go hand in hand, and the value of drilling and testing a plan before an attack.

Fletcher began the webinar with an overview of the current state of the threat landscape. Using stats and data from the recent Alert Logic Cloud Security Report, Fletcher showed that web application attacks are on the rise. More and more organizations are choosing to rely on web applications as a primary means of creating and delivering tools and services to customers, so attackers are focusing more energy on finding and exploiting vulnerable web applications.

He also pointed out the rise of attacks against popular content management systems (CMS) like WordPress and Joomla, the increased risk organizations face from configuration errors in public-facing servers and databases in the cloud, and the Achilles heel that trusted third parties represent.

Cyber criminals don’t take breaks or vacations. They don’t have “business hours”. Fletcher outlined a set of security best practices that are instrumental in effectively defending against the perpetual barrage of attacks:

  1. Do a better job of creating secure code and keeping it patched and updated
  2. Use strong identity and access management that relies on the principle of least privilege
  3. Stay informed of current and emerging vulnerabilities and threats
  4. Understand your role in the cloud shared security model
  5. Implement an effective security management and monitoring strategy

Frank Shultz continued the session by diving into the importance of effective planning and preparation. You can’t install an airbag after you crash your car. Being prepared for a catastrophe or emergency situation requires that you have taken the time to consider the various potential scenarios that might occur and taken steps beforehand to define how you will manage and respond to those incidents.

Shultz explained that for many—possibly most—organizations, establishing a business continuity and disaster recovery plan isn’t optional. Many compliance frameworks require that organizations have processes in place to respond to events like cyber attacks, natural disasters or extreme weather events.

It’s important to be thorough and think through all of the potential issues you might encounter. Shultz explained that just having a contact list of email addresses for key individuals will not help much if the email system itself is down. You need to include alternate methods of contact and have a defined escalation path to ensure effective communication and a smooth response.

Perhaps the most crucial thing Shultz shared, however, is the importance of drilling and practicing the response plan. You don’t want a real outage or cyber attack to be the first time you identify gaps in your plan. Take the time to walk through your business continuity and disaster recovery plans to make sure you have thought of everything, and to ensure that key individuals understand their role in the plan and know how to execute it if and when the time comes.

To learn more about what it takes to be secure and how to properly prepare for cyber attacks, you can listen to the recorded webinar on-demand here: Preparing for Cyber Attacks…Expect the Unexpected.

About the Author

Tony Bradley - Senior Manager of Content Marketing for Alert Logic

Tony Bradley is Senior Manager of Content Marketing for Alert Logic. Tony worked in the trenches as a network administrator and security consultant before shifting to the marketing and writing side of things. He is an 11-time Microsoft MVP in security and cloud and has been a CISSP-ISSAP since 2002. Tony has authored or co-authored a dozen books on IT and IT security topics, and is a prolific contributor to online media sites such as Forbes and DevOps.com. He has established a reputation for effective content marketing, and building and engaging a community and social media audience.