With problems in Iran, American businesses need to have a heightened sense of awareness around potential cyberattacks. What can businesses do and what should they be aware of?
The first thing people/companies need to be doing is training their staff on what to look out for. This is where we see most of the organizations fail. They put in place very robust technology, firewalls, IPS’s, IDS’s, antivirus, and things of that nature, but they fail to educate their staff on wat they should and shouldn’t be doing while they’re using corporate computing platforms. Iranian hackers are using fake links within LinkedIn to get people to download malware, Employees don’t recognize that using social networks could potentially be a danger to their company, they get complacent. If the company doesn’t have the proper technologies in place, if they don’t have a proxy firewall, for example, that would filter the web traffic and inspect it. There is a good chance that they can click from a link and download something or have something execute on their system that would then start infecting the rest of the systems within the organization.
If something does happen, you need to have a robust incident response program in place. In the financial industry, having off-line procedures is critical, because obviously, people are still going to want to come in and transact business, they’re going to want to cash checks, make withdrawals, and deposits. If the organization doesn’t have good offline procedures put in place, there is a good chance that they are not going to be able to serve their membership or their customers and as a result they are going to end up in the press as it’s an eventuality that somebody will get angered because they couldn’t cash their check and run to the press screaming that this organization wasn’t prepared or ready for this type of eventuality to occur. A municipality, could be at the tax office, could have the same type of issue so really it’s having that incident response program and a business continuity program in place so that you respond, should ransomware or other types of malware make its way into your network so that you can respond accordingly and you can still function as a business while your IT department is dealing with the forensics and the other types of analysis that needs to be done so that they can bring the rest of the systems back online.
It’s really important to make sure that businesses are testing their programs. All too often, what we at Digital Defense see is that people have very robust incident response programs in place, but it’s been five years since they tested it. And since then, they have changed their processing systems, or they’ve upgraded their computing platforms to a new server level. So now, what they have no longer applies to what they have in place, but they haven’t tested it, so they don’t know. And when an issue arises, and they pull that plan out and it’s too late and they find that that plan no longer applies and it doesn’t work, and it doesn’t save them.
Tom DeSot, EVP & Chief Information Officer ofDigital Defense, Inc. Tom DeSot is the Chief Information Officer of Digital Defense, Inc. He is charged with developing and maintaining relationships with influential industry and market regulators, identifying key integration and service partnerships and serving as the prime regulatory compliance resource for external and internal contacts. He also serves as the company’s internal auditor on security-related matters. Prior to joining Digital Defense, DeSot served as vice president of information systems for a mid-tier financial institution in San Antonio, TX. While there, he was responsible for managing numerous institution-wide projects ranging from information security initiatives, to the Y2K program and the installation and implementation of both home banking and bill pay products. DeSot also managed the institution’s ATM and debit card program, as well as all ATM network activities. DeSot holds a bachelor’s degree in applied arts and sciences from Texas State University and is a master’s candidate in information assurance at Southern New Hampshire University. He is heavily involved in San Antonio’s information security community and has served on the board of directors for the Alamo Chapter of Information Systems Audit and Control Association and was a founding board member of the Alamo Chapter of the Information Systems Security Association. He is also a former Supervisory/Audit Committee Chairman for a mid-tier financial institution and now serves on their Board of Directors as the chairman of their Governance Committee. DeSot also serves on an information security curriculum advisory panel for Texas A&M University, San Antonio and is a member of the North San Antonio Chamber of Commerce IT Committee and has delivered classroom and symposium presentations on cybersecurity and cyber ethics at the University of Texas at San Antonio. He holds the National Security Agency’s INFOSEC Assessment Methodology Certification and is formally trained in the OCTAVE Risk Assessment Methodology.