Break down the Government walls
Government agencies and bodies such as NATO can, of course, afford to take steps to detect and prevent cyber attacks, and they can also call on their intelligence services to try to predict where the next attacks might come from.
Commercial businesses, though, are forced to rely on their security vendors, IT consultants and own in-house IT teams to bolster defences. After the recession, Professor Walker cautions, some companies may well find their defences are lacking. "Security has been impacted. Businesses now need to see how secure they are," he said.
The first and urgent steps to protect a business against cyber attacks need not be expensive, however. At ISACA, Professor Walker advises carrying out an urgent security review. Mid-sized businesses and enterprises should have the resources to do this themselves.
If they do not, a few thousand pounds spent on external testing is a far better than running the risk of the significant downtime and reputational damage that follows a successful attack, he suggests. When businesses do carry out such audits, often the result is that they find they can switch resources to where they are more effective; new spending is not always necessary.
But businesses that trade online, or depend heavily on the public internet for their collaboration and communications tools, might need to delve deeper into their technology platforms to ensure they are resilient. Firms need to make sure operating systems, web servers, databases and firewalls are up to date and fully patched, and that they are watching logs for suspicious activity. IT staff should also ensure they receive up to date security information from the vendors, as these are a valuable early warning system. "DDoS attacks against websites can be difficult to fend off, as we saw with MasterCard and others over the past couple of days," explains Dave Beesley, MD of consultancy Network Defence. "However, there are strategies that companies can take to defend themselves against cyber threats generally. "The first is to make sure that their web platforms, operating systems and applications are running the latest up-to-date patches, as attackers often seek to exploit known vulnerabilities. And web gateways and firewalls need auditing to ensure their rule-sets are capable of dealing with attacks."
IT professionals should act quickly to check their security, and to reassure their companies' boards that all that can be done, is being done. No-one can say how the WikiLeaks saga will end, but the unfortunate truth is that cyber attacks are here to stay.
