Plan to fail for better security
by Tom Davison - Technical Director at Check Point - Thursday, 17 October 2013.

DDoS denial

Over the past year, we’ve all seen how almost any organisation, commercial or government, can be the target of a damaging DDoS attack. You may not have been targeted yet, but practical measures that any company can take to protect itself against a future attack include:
  • Tuning firewalls to handle large connection rates. IT teams should adjust firewall settings to recognise and handle large-volume and application-layer attacks. Depending on the firewall, protection can be activated to block DDoS packets.
  • Tuning web servers and modifying load balancing and content delivery strategies to ensure the best possible uptime. Simple things such as not hosting large downloadable files on web servers can help, as can safeguarding against multiple login or registration attempts.
  • If your business is totally reliant on its web presence, consider using a scrubbing service or ‘cleaning provider’ to handle large-volume attacks, or use a dedicated DDoS mitigation appliance.

Kicking out bots

The Check Point 2013 Security Report found that 63% of organisations worldwide were infected with bots, and more than half of them were being infected with new malware at least once a day. While bots are designed to operate below the radar and may not cause immediate outages, the long-term consequences of disruption and data loss can be serious. Bots tend to use a series of attacks in sequence to infiltrate networks and siphon data, so thwarting any one attack in the sequence will render the bot useless. Simple measures such as activating desktop firewalls (usually part of endpoint protection suites), controlling access between network segments, and monitoring firewall traffic for clues will help to stop bots. Companies can also deploy dedicated anti-bot solutions.

The human element

Attackers often look to exploit simple human errors: tricking unsuspecting employees into clicking links in phishing emails to infect their PCs, or inadvertently posting sensitive information to the wrong website. Unfortunately, we’re all conditioned to trust others, and it’s difficult to change this mindset because employees want to be helpful, and want to feel they are doing their jobs effectively.

Education can play a key role in boosting security, by making staff aware of potential risks and threats, and of how their behaviour can mitigate risks by avoiding phishing emails, fake websites and more. It’s worth conducting small tests and training sessions with staff, using examples of phishing emails, to show how seemingly innocuous actions such as clicking on an unknown attachment or link can lead to a security breach.

Blame it on the weatherman

Finally, for organisations in which business continuity and systems availability are critical, don’t forget that in 2012 storms and adverse weather caused longer outages than cyber attacks, according to the EU Agency for Network and Information Security. The average duration of outages from cyber attacks was four hours, while weather- and power-related outages lasted an average of 36 hours. So don’t overlook these basic contingencies as part of your security planning.

Anticipating security failures and taking steps to stop them from happening is a good way to boost your organisation’s overall protection – making planning to fail a truly positive action.

