Surviving a systems security breach

Having effective software and monitoring in place, as well as a planned
response to a security breach, is vital to protecting your company. Keith
Rodgers reports

Security experts advise organisations to plan well in advance for attacks by hackers and
unauthorised access incidents. But users face one big problem – they won’t
necessarily know they have been a victim of a security breach even after the
event.

Many amateur hackers take pleasure in boasting about their exploits, often leaving
digital graffiti on websites. But the greatest risk comes not from
mischief-makers, but from malicious attacks and attempts to grab information
for gain.

In these instances, the quality of the organisation’s monitoring software is
vital. It will determine whether the system administrator is even aware
security has been compromised. By building in alerts that warn of changes to
key data and attempted access, organisations can monitor user behaviour and
establish when an intrusion has occurred.

Experts agree that reacting to attacks will mostly be dictated by effective planning.
Monitoring doesn’t just indicate an intrusion has taken place, for example – it
is essential to allow organisations to work out how extensive an attack has
been.

Simon Owen, a partner in Andersen’s technology risk department, warns that one of the
most expensive elements of security is finding out exactly what occurred,
before the damage can even start to be repaired. If adequate monitoring wasn’t
in place, that process can be extensive.

Once an alarm has been triggered, argues Mark Frear, head of enterprise portals at
SAP UK, it is critical to escalate the search. There has to be a clear
reporting path, mapped out in advance.

In practical terms, most organisations will seek to establish how the security
system was breached as quickly as possible. They will act to prevent further
incidents, even if it means taking some systems offline. Establishing whether
data has been compromised and
confidential information lost is also a clear priority. Again, those
organisations that planned for potential disasters by installing data back-up
facilities are the most likely to recover fast.

But as Owen points out, problems don’t stop there. Dealing with the media may
become an issue for large organisations. Internal communications are essential
for all companies, particularly if individual privacy has been compromised.

Violations could also have legal implications, especially in the UK where the Data
Protection Act and EU directive on privacy are hot topics. For regulated
industries such as financial services, explaining the nature of the attack and
the extent of any damage to the relevant authorities will be a time-consuming
and potentially costly exercise.

Most organisations prefer to keep information about attacks under wraps, but vendors
argue organisations should make every effort to establish the source of the
hacking rather than focusing exclusively on remedying the problems.

Mike Richards, CEO of Snowdrop Systems, recommends that organisations hire
specialists to track down the intruders – at least to establish how they gained
entry. It may also pave the way for future legal action.

For the HR department, the custodian of some of the most confidential information
within an organisation, the message is clear: the speed at which an
organisation can recover from an attack largely correlates to how much ground
it has prepared in advance. That requires HR to work closely with IT to
establish what procedures need to be put in place.
