Last year was recently declared the worst on record when it comes to cyber attacks. IT security incidents are not only increasing in frequency, but also in intensity. The result is increased pressure on IT and cybersecurity professionals to keep their organizations’ data safe.
Thomas Fischer, global security advocate at Digital Guardian, recently shared his advice on some areas that security professionals should place their priorities.
“There are a number of areas they should be focusing on to ensure their business do not suffer,” Fischer says. “In the past few weeks, we have seen large scale DDoS attacks against critical infrastructure. These malicious parties may decide that now is a good moment to flex their muscle.”
Fischer says there are several questions and considerations businesses should be asking themselves. Here are three top considerations.
Create a contingency plan
“Have you taken into account services to mitigate any direct DDoS against your business,” Fischer poses. “Do you have a plan to recover if your primary DNS provider is taken down? In the same domain of continuity and disaster recovering planning, has your business thought about the impact of an increase in transactions and visitors to your site? Are you prepared to support the additional load?”
“If not already planned, it may be worthwhile to investigate how you can dynamically increase your services but also (and more importantly) test your failover solution to ensure that if the primary sites go down, backup services are restored and up-and-running in the shortest amount of time for continuity of business,” Fischer advises.
Run through the app security checklist
“When testing the security of your applications, it’s important to ask: are you checking your data integrity to avoid pre-sales leakage,” Fischer says. “Are you testing for the presence of a real user to avoid scripting attacks against your site? Does your application ensure data integrity to avoid things like price fixing (i.e. changing the prices)?”
Protect payment systems and transaction data
“It’s important to ensure the right levels of security for your PoS and back-end payment systems,” Fischer says. “Have you recently audited your systems against PCI-DSS? Do you have the right levels of encryption in place for any personal consumer data you are storing?”
“As a common form of attack, malicious parties will try to target your administrators with spear-phishing attacks to gain control of their accounts or endpoints,” Fischer says. “To prevent this, training your admins to recognize potential spear-phishing is critical, as is making sure that you have the right controls in place to avoid common attacks used to gain access and control of an admin workstation.”
Register or login for access to this item and much more
All Information Management content is archived after seven days.
Community members receive:
- All recent and archived articles
- Conference offers and updates
- A full menu of enewsletter options
- Web seminars, white papers, ebooks
Already have an account? Log In
Don't have an account? Register for Free Unlimited Access