Protecting your organization and its information technology infrastructure from an intentional computer network attack requires a combination of technology, good practices and vigilance. Attacks can occur inside and outside your organization. Successful responses to attacks on your IT infrastructure and computer network require procedures that coordinate your staff and technology and quickly identify, analyze, and mitigate any threats.
Table 1 lists examples of internal and external computer network attacks, which differ from situations that may be considered accidental or natural disasters.
| Internal attacks | External attacks |
|---|---|
| Theft of personal information via social engineering | Hacking, spam |
| Theft of company data | Denial of service |
| Theft of equipment | Viruses, worms |
| Damage to fiber/copper wiring | Zombie attacks |
| Altering critical information | Vandalism |
| Disabling internal security systems | Arson |
| Disabling internal access control systems | Theft |

Table 1 – Premeditated Attacks
According to the National Cyberspace Strategy, the mere installation of a network security device is not a substitute for maintaining and updating a network’s defenses. Ninety percent of the participants in a Computer Security Institute survey reported using antivirus software on their network systems, yet 85% of their systems had been damaged by computer viruses. In the same survey, 89% of the respondents had installed computer firewalls and 60% had intrusion detection systems. Nevertheless, 90% reported that security breaches had taken place and 40% of their systems had been penetrated from outside their network.
Best practices to prevent and respond to premeditated attacks
The following section provides guidance to help you secure your organization and its IT infrastructure from internal and external attacks on your computer network. No single solution is likely to address all possible situations, but a well-planned and regularly tested program of surveillance, intelligent detection systems, and staff diligence will substantially reduce both the likelihood of a successful attack and the time needed to detect and recover from one.
The following is a list of best practices for developing and operating threat assessment, response, and recovery activities.
- Develop and approve a formal policy regarding the protection of IT infrastructure assets from attacks
- Establish a methodology for identifying, assessing, and mitigating attacks
- Establish an awareness program to alert all employees about the need to protect their equipment, data, and other personal information
- Establish training for employees to help them identify and report an attack, as well as training for technicians to keep them current on security threats and how to respond to them
- Establish a method to brief senior IT and corporate leaders following an attack
- Strive for continuous improvement of threat management practices and procedures
- Continuously monitor and assess threats to and vulnerabilities of IT infrastructures
- Establish alert mechanisms for critical systems that will notify you when suspicious activity occurs
- Activate incident response and management activities to deal with the threat/attack
- Launch a warning to other parts of the organization advising of the threat/attack
- Activate procedures to recover/restore operations to normal
- Conduct a post-event analysis
- Update procedures and policies based on outcomes from an attack
- Maintain awareness of known external attacks, such as viruses and spamming, through various information services and security software suppliers
- Increase security measures in areas such as outsourcing and procurement by communicating threat characteristics, how to identify a threat, and how to report it to IT security
- Identify and reduce software vulnerabilities by working with information security firms to use the most effective security tools and working with software vendors to share information about threats and remedies
- Understand infrastructure interdependencies as a way to improve the physical security of IT systems, voice/data networks, and cable/wiring infrastructures
- Link infrastructure security plans with disaster recovery and business continuity plans
- Train your internal facilities staff (or building management if you lease space) as they will help ensure that your physical infrastructure is secure and the operating environment is properly maintained
- Train your internal security staff (whether employees or provided by a third party) so they will be able to proactively identify and deter unauthorized individuals
- Regularly test your threat detection, assessment, response, mitigation and control activities to ensure that your team knows what to do when a threat appears
- Coordinate protective measures with public-sector organizations
About this author: Paul Kirvan, CISA, FBCVI, CBCP, has more than 20 years of experience in business continuity management as a consultant, author and educator. He has been directly involved with dozens of IT/telecom consulting and audit engagements ranging from governance program development, program exercising, execution and maintenance, and RFP preparation and response. Kirvan currently works as an independent business continuity consultant/auditor and is the secretary of the Business Continuity Institute USA chapter. He can be reached at [email protected].