Over the past couple of months we’ve seen reports of major defense contractors and systems integrators being the target of sophisticated cyber-attacks that appear to have leveraged vulnerabilities created from the RSA SecureID hack. In March, RSA notified SecureID customers that the company discovered an ongoing sophisticated attack targeting its internal systems.
The attack resulted in attackers extracting information from RSA’s systems — specifically the “secret seed” data used to generate the one-time passwords for RSA SecureID tokens — which hackers used to initiate subsequent attacks.
As the number and severity of attacks continues to rise, many organizations are worried. If these types of cyber attacks can happen to some of the most secure organizations in the world, are we as secure as we should be?
The first step to preventing a cyber attack is to make sure you have a mitigation plan in place. Part of the plan should include an IT solution map of IT assets, to fully illustrate the relationship between IT security vulnerabilities and the potential business impact of an attack on them. This helps allocate budget, and ensure your most mission-critical data is backed up most often. A colleague of mine, Walt Leach, has written on this subject for the Economist Intelligence Unit.
Here are a few more suggestions for elements to include in your mitigation plan:
- Maintain an open dialogue with the provider of the solution under attack. It appears that RSA is making significant efforts to keep customers informed. Discuss your security concerns with the vendor involved to understand the full risks to your organization.
- Be prepared for an extended investigation. Investigating sophisticated cyber-attacks can take several months. Security professionals will need time to analyze data and deconstruct the attack. Put measures in place to ensure you are engaged until the final report is issued.
- Inform your user base. Users should be made aware of the incident and possible implications and be instructed to maintain a heightened sense of awareness.
- Evaluate your internal systems. Regular evaluations of your internal information systems should be an embedded process. Review the information systems protection levels for both operating systems and applications. Make sure that all applicable security patches are installed, and review the configurations of access control systems for appropriate segregation and least privilege.
It’s important to keep in mind that mitigation plans need to be continually updated, as cyber attacks will become increasingly more intelligent. If you are unsure of how to start protecting your assets from cyber attacks, vendors such as Unisys can help you develop mitigation plans to ensure your data is safe.