Prepare for the Attack of the Data-Sucking Cyber Zombies

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.entrepreneur.com/article/237142

The data-sucking cyber zombies have attacked again! This time, the nation’s
fourth largest retailer, Home Depot, possibly fell victim to malicious and
vengeful acts of sophisticated hackers who exposed customer information
that could affect all of the chain’s 2,200 stores.

Following in the wake of the most recent data security breaches involving
Target, PF Chang’s and Sally Beauty, this week’s incident involving Home
Depot has certainly added to the cyber security panic throughout the online
world. If you don’t have a plan in place to prevent and respond to such an
attack, you’re already behind – but it’s also a great time to refresh your
plan and make sure things are as secure as possible.

Here are four tips on how you can ensure your security plan can protect you
from future zombie security attacks.

1. Know what to look for. Having trained professionals who understand cyber
security and know what to look for is essential to an overall security
strategy. Whether you employ someone full time in-house, or contract out to
a firm specializing in cyber security, it’s imperative to have an expert
who can identify your issues and implement a solution.

If you don’t know what a cyber zombie looks like, or what possible symptoms
of an attack are, there is no way to protect yourself. Every system has
vulnerability – hackers are going to seek it out and identify it, so you
must be able to do so as well.

2. Routine security checks/patches. Once you know what possible symptoms of
cyber zombie attacks on your system may look like, it is essential to
perform routine security checks. Depending on your industry, you may need
to perform those checks weekly, monthly, quarterly, etc.

In addition to performing routine checks, it is important to install
security patches regularly. Pay attention to what software you use and the
security updates provided by those vendors. Make it a habit to install
those security updates promptly. Letting your security checks or security
patches lapse opens up opportunity for a breach.

3. Plan for an attack. Hoping your business will not be the victim of a
data breach or hack is bad enough but just as naive and dangerous is
believing your security plan is so tight you will never be attacked. You
can’t be confident that you are 100 percent safe and secure if millions of
dollars spent on security from one of the world’s largest retailers didn’t
prevent an attack on them. In reality, it’s not a matter of if you will be
attacked but when and how.

This is why it’s essential to have an attack plan in place. How will your
team respond to an attack? When will you tell your customers? Who else will
you need to get involved and when? These are all questions that must be
well thought out in order to deal with an attack when it comes. Being
proactive instead of reactive is the best thing you can do. Don’t wait for
it to happen before you come up with a plan – have something in place right
now.

Even the Center for Disease Control and Prevention has a plan for the
zombie apocalypse – so there’s no reason for your organization to not have
a plan of in place for a data breach.

4. Act fast. Make sure your plan allows you to act swiftly. Once a security
breach happens, the worse thing to do is to let too much time elapse
between the breach and when a correction is made or your customers are
notified.

These cyber zombies know that from the moment they begin an attack, they
have a limited amount of time to disseminate the information they find
(your customer’s credit card info, medical info, etc.) to the highest
bidder. Shutting down the ability for these cyber zombies to make money by
notifying your customers to change their passwords, notify their banks,
etc. will be crucial to avoiding more damage than the breach itself.

Don’t drag your feet for fear of bad press. Your first priority is the
security of you business and customers.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!