How to Avoid Being a Victim of Cyber Security Attacks
At the end of October, I had the pleasure of speaking at the 2016 Provider’s Council Annual Tradeshow & Expo at the Marriott Copley Place hotel in Boston. This was my first time at the Provider’s Council annual event and it was energizing to be around so many professionals and non-profit enthusiasts.
I had the privilege of speaking on ‘Cyber Security: How to Avoid Being a Victim of an Attack.’ Recently, we can’t seem to get away from cyber security attacks so I thought this was a particularly interesting and important topic to discuss. Little did I know that there would be a major cyber security attack just a few days before my presentation.
Just a few days before Providers Council, hackers attacked key Internet sites and disrupted the availability of popular websites across the East Coast of the United States. Dyn Inc., a Manchester, New Hampshire based company said that its server infrastructure was hit by a distributed denial-of-service attack (DDoS). A DDoS attack is designed to make an online website or service unavailable by overwhelming it with traffic from multiple sources. Dyn provides traffic management to some of the biggest names on the web, including Twitter, Netflix, Spotify and PayPal. These sites were temporarily disabled for users during this DDoS attack. It is also noteworthy that this attack (DDoS) occurred in four independent stages resulting in 1.2 Tbps (TeraBits per second) of network throughput being used against Dyn. That is extraordinary bandwidth consumption!
With the recent impact of this high visibility attack, the awareness once again came back to the profound and expensive impact this can have on organizations of any size, anywhere, at any time.
How can your organization prepare for these types of attacks?
- Assess Your Risk – In order to create a safe computing environment, it is imperative that your organization be physically and virtually secure. Locked buildings and doors, access to secure server areas must be controlled and audited. Your IT leadership team must also create a security culture and hold frequent staff training sessions. Documented policies and procedures are necessary to stay secure. Your leadership team should create and adopt a Written Information Security Policy (WISP) and frequently review these policies at a minimum.
- IT Governance – Creating a culture of security at your business is crucial to staying secure. Designate a security officer or group of security officers to enforce the rules and best practices. Hold frequent training and awareness seminars for employees and create recurring assessments for employees to try and improve their security understanding.
- Technology – It’s extremely important to understand that your business can never be 100% secure from attack. With that being said, your organization can minimize attacks by implementing intelligent and holistic security solutions. All organizations in this day and age should have a formative unified threat management (UTM) strategy which should include IDS/IPS (intrusion detection & protections systems), DNS filtering, encryption and 24/7/365 real-time security monitoring. In addition, Mobile Device Management (MDM) is now essential and all mobile devices must have physical encryption as well as a mobile wipe.
These are just a few elements to consider when assessing risk at your organization. If you don’t feel like your organization is where it needs to be from a security standpoint, then it’s time for a conversation with our security experts.