How to prevent a cyber-attack and mitigate damage

Over the past couple of months we’ve seen reports of major defense contractors and systems integrators being the target of sophisticated cyber-attacks that appear to have leveraged vulnerabilities created by the RSA SecurID breach. In March, RSA notified SecurID customers that the company had discovered an ongoing sophisticated attack targeting its internal systems.

The attack resulted in the extraction of information from RSA’s systems — specifically the “secret seed” data used to generate the one-time passwords for RSA SecurID tokens — which the attackers then used to initiate subsequent attacks.

As the number and severity of attacks continue to rise, many organizations are worried. If these types of cyber-attacks can happen to some of the most secure organizations in the world, are we as secure as we should be?

The first step to preventing a cyber-attack is to make sure you have a mitigation plan in place. Part of the plan should include an IT solution map of IT assets, to fully illustrate the relationship between IT security vulnerabilities and the potential business impact of an attack on them. This helps allocate budget and ensures your most mission-critical data is backed up most often. A colleague of mine, Walt Leach, has written on this subject for the Economist Intelligence Unit.

Here are a few more suggestions for elements to include in your mitigation plan:

  • Maintain an open dialogue with the provider of the solution under attack. It appears that RSA is making significant efforts to keep customers informed. Discuss your security concerns with the vendor involved to understand the full risks to your organization.
  • Be prepared for an extended investigation. Investigating sophisticated cyber-attacks can take several months. Security professionals will need time to analyze data and deconstruct the attack. Put measures in place to ensure you are engaged until the final report is issued.
  • Inform your user base. Users should be made aware of the incident and possible implications and be instructed to maintain a heightened sense of awareness.
  • Evaluate your internal systems. Regular evaluations of your internal information systems should be an embedded process. Review the information systems protection levels for both operating systems and applications. Make sure that all applicable security patches are installed, and review the configurations of access control systems for appropriate segregation and least privilege.
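The last item above, reviewing access control configuration for segregation and least privilege, is the kind of check that can be scripted against an export of the access control system. The following is an added example, not code from the article or from Unisys: it assumes a constructed flat "user,role,permission" export, a constructed role policy stating what each role is entitled to, and a constructed list of segregation-of-duties conflict pairs. All users, roles and permission names are made up for illustration.

```python
"""Least-privilege and segregation-of-duties review over an access-control export.

Added example (not the article's or Unisys's code). The export format, the role
policy and the conflict pairs are assumptions constructed for illustration.
"""
from collections import defaultdict

# Constructed role policy: the permissions each role SHOULD hold (assumption).
ROLE_POLICY = {
    "developer": {"repo:read", "repo:write", "ci:trigger"},
    "finance_clerk": {"ledger:read", "invoice:create"},
    "finance_approver": {"ledger:read", "invoice:approve"},
    "sysadmin": {"server:login", "server:root", "backup:restore"},
}

# Constructed segregation-of-duties rules: pairs no single person may hold together.
SOD_CONFLICTS = [
    ("invoice:create", "invoice:approve"),
    ("repo:write", "server:root"),
]

# Constructed access-control export in a flat "user,role,permission" format.
SAMPLE_EXPORT = """\
user,role,permission
alice,developer,repo:read
alice,developer,repo:write
alice,developer,ci:trigger
bob,finance_clerk,ledger:read
bob,finance_clerk,invoice:create
bob,finance_clerk,invoice:approve
carol,sysadmin,server:login
carol,sysadmin,server:root
carol,sysadmin,repo:write
dave,developer,repo:read
"""


def parse_export(text):
    """Return (user -> role, user -> set of held permissions) from the flat export."""
    roles, perms = {}, defaultdict(set)
    lines = text.strip().splitlines()
    for line in lines[1:]:  # skip the header row
        user, role, perm = (field.strip() for field in line.split(","))
        roles[user] = role
        perms[user].add(perm)
    return roles, perms


def excess_privileges(roles, perms, policy=ROLE_POLICY):
    """Permissions a user holds beyond their role's entitlement (least-privilege findings).

    Holding fewer permissions than the role allows is not a finding.
    """
    findings = {}
    for user, role in roles.items():
        extra = perms[user] - policy.get(role, set())
        if extra:
            findings[user] = sorted(extra)
    return findings


def sod_violations(perms, conflicts=SOD_CONFLICTS):
    """Users holding both halves of a segregation-of-duties conflict pair."""
    findings = {}
    for user, held in perms.items():
        hits = [pair for pair in conflicts if pair[0] in held and pair[1] in held]
        if hits:
            findings[user] = hits
    return findings


def review(text=SAMPLE_EXPORT):
    """Run both checks over an export and return the findings keyed by check."""
    roles, perms = parse_export(text)
    return {"excess": excess_privileges(roles, perms), "sod": sod_violations(perms)}


if __name__ == "__main__":
    result = review()
    for user, extra in result["excess"].items():
        print(f"least-privilege: {user} holds extra permissions {extra}")
    for user, pairs in result["sod"].items():
        print(f"segregation: {user} holds conflicting pairs {pairs}")
```

On the constructed data the review flags bob (an invoice clerk who can also approve invoices) and carol (an administrator who also holds write access to source repositories), which are exactly the two cases a manual review of the same export would want to surface. A real review would replace the constructed export with the access control system's own export and the role policy with the organization's approved entitlements.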

It’s important to keep in mind that mitigation plans need to be continually updated, as cyber-attacks will become increasingly sophisticated. If you are unsure of how to start protecting your assets from cyber-attacks, vendors such as Unisys can help you develop mitigation plans to ensure your data is safe.

Steve Vinsik is vice president and partner, Global Security Solutions for Unisys. He has over 16 years’ experience leading field operations teams that conduct research and development, application development, and systems integration for information security programs – spanning biometric and surveillance technology integration, command and control applications, secure cloud solutions, security architecture, physical and cyber security, and information systems domains. His experience spans numerous clients in government, transportation, critical infrastructure, and financial services sectors globally. Steve is an industry recognised expert in securing critical infrastructure from physical and cyber security threats and is a frequent speaker at conferences and symposiums around the world. He has served on several national and international standards committees including the international committee on biometrics standards (ISO SC37) and is currently the Secretary on the board of the BioAPI standards organisation.