The Three P’s of Cyber-Survival

The cyber war is on, protect yourself now

South Korea was hit by a major cyber attack Wednesday as the computer systems of two major banks, three broadcasters and others simultaneously crashed, raising suspicions that North Korea was to blame.

On some computer screens, images of skulls with glowing red eyes popped up along with cackling laughter.

Although it appears the attack, which began about 2 p.m., was designed more to frighten than to destroy, it highlighted the vulnerability of one of the world’s most wired, tech-dependent countries. Some banking operations were virtually paralyzed during the afternoon.

This quote, from an LA Times article by Jung-yoon Choi and Barbara Demick, is just another in a string of examples that prove the dire need for heightened Internet security.

The cyber wars are on, and while governments are doing battle, any organization that’s connected to the web (aka, all of them) is a potential casualty.

How can you protect your organization from the potential fallout?

Prevent - At this point, disruption of computer systems absolutely falls under the category of “likely” crises. Determine the most effective ways to secure your networks and repel attacks, and train employees on how to recognize and avoid risks.

Plan - Once your systems are down, it’s going to be awfully difficult to formulate a plan of action. Plan in advance for ways to communicate, both internally and externally, and determine how you can continue on with business even without access to computer systems or the ‘net.

Practice - If you’ve ever been in a checkout line when the electronic registers go down, you know what a mess even a minor loss of technology can create. In order for your organization to function in the midst of chaos, you have to be practiced. An old favorite, the fire drill, can be adapted to this. Have your IT people simulate a cyber attack by purposely disrupting or blocking access to electronic systems and enact your plans. Afterward, have a “lessons learned” session and adapt your plan according to what worked, as well as what didn’t.

There WILL be even more widespread and sophisticated cyber attacks, and it’s only a matter of time until they affect your organization. As with crisis management for just about any type of situation, it pays to be ready. Follow the three P’s, and steel your organization against this growing threat.

Erik Bernstein
Social Media Manager
http://www.bernsteincrisismanagement.com/

Crisis Management Tips After a Network or Computer Hack

Editor’s Note: The following guest article by John Dayton explains in detail how to protect your business from the very real dangers of the Internet. The events of the past several years have left no doubt as to the necessity of having a clean and secure network. If you’ve got doubts, talk to someone at Sony, Chase, Lockheed, or one of the many other victims of hack attacks.

Protect your business from online threats

Nobody is immune to network attacks and hacks. Hackers and data thieves will go after both multinational corporations and small to medium-sized businesses with equal gusto. A well-secured network that costs a certain amount of effort and money to put together can save your business thousands or even millions of dollars down the road in avoided data theft, lawsuits and massive business systems interference.

To avoid being an easy victim, follow these tips to harden your systems and make an attacker move on to easier prey. If you’ve already been a victim of an attack, let’s also examine some damage control procedures you can take to minimize your losses.

Preventing Hack Attacks and Securing Your Network

Physical Security

The first line of defense your computers and network will have against attackers is in their physical security parameters. If your machines and any sensitive documentation are easy to physically access, you’ll have a very easy and dangerous source of possible breaches. Keep all your doors and windows locked when no one is at the office, buy a quality alarm system and make sure it’s activated nightly with an access code that only your most trusted employees have access to. Don’t leave computers with sensitive information unsupervised or in the hands of employees you can’t fully trust, and if you print out any important information (particularly confidential client data), either guard it well in a secure place or thoroughly destroy it as soon as you’re done using it.

Another useful tip that could be classified as physical security for the particularly cautious is to separate your computers into red and green categories. This is a step certain government security agencies apply to their systems. Green computers have no access to a network and serve as data storage points for very sensitive information. Red computers are connected to a network, a cloud system or the external web, and are used for day-to-day activities and not for storage of sensitive data.

Data Backup Strategy

Every company is inevitably going to build up many, many gigabytes or even terabytes of extremely important data that needs to be kept for reference or work purposes. The loss of all this information can be a complete catastrophe for some companies. It absolutely needs to be protected by a backup strategy. Instead of simply storing everything on your office and network computers, consider backing your data up either to a second set of servers that you own at a different location or (even better and more convenient) to a trusted and highly secured cloud storage service that offers multi-terabyte data space. Train your employees to regularly back up all information and anything they create to the cloud. This will save you from losing everything if your office burns to the ground or is the victim of computer theft.

Antivirus and Network Intrusion Systems

Protect your network with a robust antivirus implementation that covers every computer, all of its online activity and exchanges between machines in the network. You should go for a strong, commercial system such as those offered by companies like Kaspersky Labs, AVG and Bitdefender. Furthermore, ensure that you stay on top of regular security updates from your antivirus software provider.

As an additional step, you should strongly consider hiring an IT security person for full time network administration. Have them install and regularly monitor a network intrusion detection system that watches over your entire network. Such systems are complex and require full time dedication, but they do monitor security aspects like bandwidth and activity supervision, virus checks, changes in file settings and permissions, packet sniffing and regular checks of every single network PC for unusual activity or contamination. Have your network intrusion system coupled with your antivirus protection in order to simplify security.

Firewall Protection

A powerful firewall around the machines on your network will dramatically reduce the likelihood of attacks, especially if it’s coupled with the above-mentioned antivirus and network intrusion systems to create a certain degree of security redundancy. A quality firewall will prevent unauthorized access to your computers from external sources, protect your computers by preventing employees inside the network from accessing external sites that could be harmful, and also prevent unsolicited applications from effecting changes inside your computers or the network. Network intrusion protection systems usually include firewall protection as an existing measure.

Software Patching

Ensure that all your software is up to date and secure. Set all of your computer software systems to automatically update themselves whenever new patches occur and instruct your employees not to interfere with this process. The constant software updates that most systems go through periodically aren’t there just to annoy users; they’re designed to cover constantly emerging Internet threats.

Passwords, Removable Devices and Encryption

Create a password policy for all your machines that requires all of them to be secured by long passkeys of multiple differentiated characters. These are much harder to crack with password-cracking software and can save you from some very heavy intrusions. Ensure that your employees memorize these passwords and don’t simply write them down somewhere where anyone could end up running across them. Also, make sure that any removable devices like USBs, laptops and tablets that employees will be taking home or on business trips are protected by password-activated encryption and contain only the essential data for a given workload. This should particularly apply to overseas business trips.

Ensuring Client Confidence

If your company has implemented all of the above network and computer security steps, it should already feel quite confident that it is much less likely to be attacked by hackers and data thieves. Furthermore, your company should advertise an overview of how it manages security in order to make clients feel secure in entrusting their business, money and confidential data to your systems. However, advertising your security should not involve giving too many details away, since knowing that a company is secure but not knowing just how extensive the security is can also work as an attack deterrent; maintain a certain aspect of confidentiality.

In the event of security attacks, quickly establish a timeline that defines where and when the attacks occurred in order to better track the intrusion’s progress and what may have been infected or breached. This will let you know how client information might have been affected.

Managing Security Breaches

There are numerous types of hacker attacks which can occur against a network, but to keep things simple the main types are structured external attacks (attacks of a planned nature, usually conducted by criminals), unstructured external attacks (conducted by thrill seeking hackers) and internal threats.

Finding out which type of attack is going on is usually a question of detailed traffic and program routine analysis; finding out where the attack originated from by tracing its movement. In many cases, if an in-progress intrusion is detected, the best practice is to observe it at first and in doing so trace its source in order to allow a better response. Once the hackers’ activities have been traced, the next step should be to immediately cut off the access route they used and keep an eye on possible alternatives they could try later; this while at the same time removing any malware the hacker has installed and repairing any damage done.

Beyond measures like this, other important methods of dealing with security breaches include applying access control lists on firewalls, routers and network intrusion systems; disconnecting the host that’s being attacked from the rest of the network; disconnecting the whole network from external contact or disconnecting a certain company website from the internet.

Once the attack has been stopped, the process of repair and re-securing should begin, with all the proper changes done to make sure the hackers can’t access you by the same or related means again.

Another important part of dealing with active security breaches is to document and record everything that was observed, all systems that were affected and how, and how the threat was dealt with. Any infected data or systems should be reviewed thoroughly and system logs checked for more evidence.
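One way to build the timeline and the list of affected systems described above, as an added example that is not part of the original article. The log formats, addresses and the function names `build_timeline` and `scope_incident` are assumptions made for illustration, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample log lines (not from a real incident). Addresses are
# RFC 5737 documentation ranges and private ranges; formats are assumed.
SAMPLE_LOGS = {
    "firewall": [
        "2024-01-15T05:01:12Z ALLOW src=203.0.113.7 dst=10.0.0.5 dport=22",
        "2024-01-15T04:58:40Z DENY src=203.0.113.7 dst=10.0.0.8 dport=3389",
        "2024-01-15T05:10:00Z ALLOW src=10.0.0.77 dst=198.51.100.20 dport=443",
        "2024-01-15T05:20:03Z ALLOW src=10.0.0.5 dst=10.0.0.9 dport=445",
    ],
    "auth": [
        "2024-01-15T05:03:48Z host=10.0.0.5 sshd: Accepted password for admin from 203.0.113.7",
    ],
    "file-integrity": [
        "2024-01-15T05:22:30Z host=10.0.0.9 changed /etc/passwd",
    ],
}

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def build_timeline(logs):
    """Merge every source into one list of (time, source, text), oldest first."""
    events = []
    for source, lines in logs.items():
        for line in lines:
            stamp, text = line.split(" ", 1)
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
            events.append((when, source, text))
    return sorted(events)

def scope_incident(timeline, indicator):
    """Walk the timeline once, following the intruder from host to host.

    An event is related if it names an address already linked to the
    intrusion; the other addresses on that line then become linked too,
    unless the firewall denied the connection. Deliberately conservative:
    it can over-include hosts, which an analyst then rules out by hand.
    """
    linked, related = {indicator}, []
    for when, source, text in timeline:
        seen = set(IPV4.findall(text))
        if seen & linked:
            related.append((when, source, text))
            if not text.startswith("DENY"):
                linked |= seen
    return related, linked - {indicator}
```

Calling `scope_incident(build_timeline(SAMPLE_LOGS), "203.0.113.7")` returns the related events in chronological order together with the internal addresses to review, which is the record the documentation step calls for.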

About the author: When John Dayton isn’t offering the best in technological advice, he is busy covering the best that forensic engineering has to offer.