Plan to fail for better security and continuity

Tom Davison looks at how failures can be used to boost security and help business continuity, if approached in the right way.

We’ve all heard the old saying: “If you fail to plan, you’re planning to fail.” Of course, it’s true, and from a security viewpoint it’s also interesting to turn the cliché on its head. Shouldn’t a major part of any robust IT security strategy be about planning to fail? About preparing for the ‘what if’ scenarios that can disrupt normal business operations, and attempting to mitigate the potential impact of those disruptions?

A majority of businesses already do this to some extent, by performing regular vulnerability scans and penetration tests on their networks. But all too often these tests will look only at issues such as vulnerabilities on Internet gateways, systems with out-of-date patches or the presence of malware. They don’t include other security problems that are just as capable of causing outages, failures and damage – such as DDoS attacks, phishing attempts and more – which almost always strike seemingly at random and unexpectedly.

So how do you widen the scope of your security planning to ensure you’ve covered all the outage and security scenarios that could have a catastrophic effect on your business?

Monkey business

A few years ago, streaming media company Netflix addressed this specific issue by creating a software tool called Chaos Monkey. Its purpose was simply to randomly target and kill software and server processes, to try to disrupt and cause failure in the company’s overall services. If Chaos Monkey couldn’t interrupt service to users, then the company had truly built a resilient network.

While letting rogue software loose in your main business systems may seem counterintuitive, from a security standpoint it makes sense. After all, wouldn’t you want your systems to remain secure when it matters the most: during an actual attack or unexpected outage? It’s the random element that provides the toughest test.

Now, you may think that more than enough security events are taking place both inside and outside your network, and that they are already fulfilling the Chaos Monkey’s role admirably. So why not use the example of some of these frequent, randomly occurring events to reduce your organization’s exposure to risk? Here’s a look at how to mitigate the impact of some very common, but unpredictable, security problems.

DDoS denial

Over the past year, we’ve all seen how almost any organization, commercial or government, can be the target of a damaging DDoS attack. You may not have been targeted yet, but practical measures that any company can take to protect itself against a future attack include:

  • Tuning firewalls to handle large connection rates. IT teams should adjust firewall settings to recognise and handle large-volume and application-layer attacks. Depending on the firewall, protection can be activated to block DDoS packets.
  • Tuning web servers and modifying load balancing and content delivery strategies to ensure the best possible uptime. Simple things such as not hosting large downloadable files on web servers can help, as can safeguarding against multiple login or registration attempts.
  • If your business is totally reliant on its web presence, consider using a scrubbing service or ‘cleaning provider’ to handle large volume attacks, or use a dedicated DDoS mitigation appliance.
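
As an added illustration (not part of the original article), the sketch below shows one way to implement the "multiple login or registration attempts" safeguard from the second point: a sliding-window throttle keyed by client address. The class name, thresholds and sample addresses are assumptions chosen for the example, and it does nothing against volumetric floods, which the other measures address.

```python
from collections import defaultdict, deque


class AttemptThrottle:
    """Sliding-window limiter for login/registration attempts per client key."""

    def __init__(self, max_attempts=5, window_s=60.0, block_s=300.0):
        self.max_attempts = max_attempts      # attempts allowed per window
        self.window_s = window_s              # window length in seconds
        self.block_s = block_s                # lockout once the limit is hit
        self._attempts = defaultdict(deque)   # key -> timestamps of recent attempts
        self._blocked_until = {}              # key -> time the lockout expires

    def allow(self, key, now):
        """Return True if the attempt made at time `now` (seconds) may proceed."""
        if now < self._blocked_until.get(key, 0.0):
            return False                      # still locked out
        recent = self._attempts[key]
        while recent and now - recent[0] >= self.window_s:
            recent.popleft()                  # forget attempts outside the window
        if len(recent) >= self.max_attempts:
            self._blocked_until[key] = now + self.block_s
            recent.clear()
            return False
        recent.append(now)
        return True


def replay(events, throttle):
    """Feed (timestamp, client) events to the throttle; count rejections per client."""
    rejected = defaultdict(int)
    for ts, client in events:
        if not throttle.allow(client, ts):
            rejected[client] += 1
    return dict(rejected)


# Constructed sample: one client hammering the login form, one ordinary user.
SAMPLE_EVENTS = sorted(
    [(float(t), "198.51.100.7") for t in range(20)]          # 20 attempts in 20 s
    + [(0.0, "203.0.113.10"), (45.0, "203.0.113.10"), (400.0, "198.51.100.7")]
)

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, AttemptThrottle()))
```

In production the counters would live in a store shared by all web servers behind the load balancer, so that an attacker cannot spread attempts across nodes.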

Kicking out bots

The Check Point 2013 Security Report found that 63 percent of organizations worldwide were infected with bots, and more than half of them were being infected with new malware at least once a day. While bots are designed to operate below the radar and may not cause immediate outages, the long-term consequences of disruption and data loss can be serious. Bots tend to use a series of attacks in sequence to infiltrate networks and siphon data, so thwarting any one of these attacks will render them useless. Simple measures such as activating desktop firewalls (usually part of endpoint protection suites), controlling access between network segments, and monitoring firewall traffic for clues will help to stop bots. Companies can also deploy dedicated anti-bot solutions.

The human element

Attackers often look to exploit simple human errors: tricking unsuspecting employees into clicking links in phishing emails to infect their PCs, or inadvertently posting sensitive information to the wrong website. Unfortunately, we’re all conditioned to trust others, and it’s difficult to change this mindset because employees want to be helpful, and want to feel they are doing their jobs effectively. So education can play a key role in boosting security, by making staff aware of potential risks and threats, and of how their behaviour can mitigate risks by avoiding phishing emails, fake websites and more. It’s worth conducting small tests and training sessions with staff, using examples of phishing emails, to show how seemingly innocuous actions such as clicking on an unknown attachment or link can lead to a security breach.

Blame it on the weatherman

Finally, in focussing on the technical challenges, don’t forget about other threats. In 2012 storms and adverse weather caused longer outages than cyber-attacks, according to a recent report by the EU Agency for Network and Information Security. The average duration of outages from cyber-attacks was four hours, while weather- and power-related outages lasted an average of 36 hours. So don’t overlook these basic contingencies as part of your planning.

Anticipating security failures and taking steps to stop them from happening is a good way to boost your organization’s overall protection – making planning to fail a truly positive action.

The author
Tom Davison is technical director for Check Point.

• Date: 15th October 2013 • World • Type: Article • Topic: ISM
