Ready the troops: Global cyber warfare

Global cyber warfare is upon us. We CISOs and CSOs are the generals in the global cyber war. If you haven't thought about your role in these terms, then you are ripe for ambush.

When I ran information security for the city of New York, I constantly reminded my team that they are soldiers on the front line of a global cyber war with real-world consequences. To say that nyc.gov and the critical infrastructure of Gotham have ‘target’ written all over them is certainly not an overstatement. This was my daily reality for 14 years.

The threat is coming from all directions. Foreign militaries, terrorists, organized criminals and industrial thieves target us on a daily basis. Some may know our IT footprint better than we do. Others have analyzed and understood our weaknesses better than we have. Does that scare you? It should.

The United States and other governments are putting Big Data to work for them and are analyzing our communication patterns in real time. If the U.S. can do it today, can China, Russia, India and perhaps Al-Qaeda be far behind? Perhaps your enemies know better than you where your assets are and which assets communicate. They will use that information to do damage to your business, your customers or your nation.

The cloud, once the answer to data center expansion, just makes it easier for thieves and disrupters to get at your data without your knowledge. It is 10 p.m. Do you know where your data is? 

Are your troops ready? How's your basic training? Make sure that your security awareness training for IT staff covers how to handle high-profile incidents. Evidence preservation and intelligence gathering must be in balance with the need to restore service, or you'll soon repeat the exercise without having gained any insight into the cause.

A good general has the respect and cooperation of the troops. You can earn this by getting out of your office and going down to the trenches and asking them if they consider themselves ready.

Don't do this at a formal meeting where there might be an inclination to paint a rosy picture. 

Get to know the best network engineers, sys admins and DBAs in your organization. They know things that won't turn up in your risk reports, audits or vulnerability management reports. They know where the weak underbelly of your organization is and probably have some good ideas on how to firm things up.

Make sure they know what to do within the first five minutes of the “big event.” It is coming soon to your enterprise.
