Network Security Lessons from Sandy

As our thoughts and prayers go out to those affected by Super Storm Sandy and the many who continue to deal with the aftermath of the storm, it seems timely to also reflect on the lessons learned from this natural disaster. What can we glean from Sandy that will help us deal with security events as disruptive in nature as Super Storm Sandy? Do we need a strategic shift in how we respond to incidents? What are key security observations from this storm? Consider these three key learnings:

Plan for All Disasters, Not Just Natural Ones

Disaster recovery is about preparing for and recovering from any event that impacts business and infrastructure continuity. In this case it was a super-sized storm, but it could have been any event: a power failure, floods, earthquakes or a targeted attack. Disaster recovery is not only about preparing for something that may happen to your business at some point (the disaster), but also about the ability to safeguard and restore the data (recovery) so you can get back to business as usual.

The best practice for disaster recovery involves adequate planning and investment to ensure every potential disaster has an appropriate solution. This can range from what to do after a loss of electricity or a shortage of the fuel needed to power backup generators, to the operational aspects of disaster recovery such as operating procedures, staffing support plans and backup communications. Because disaster recovery is a continual process of analysis and improvement, frequent drills must be held to instill processes and procedures. It’s very similar to what we incorporate in training for other activities. For example, the key part of pilot training isn’t just how to fly an airplane, but how to react when something goes wrong with the plane or engine.

But it’s important that this planning extend to network security as well. If Mother Nature can deliver so much havoc, can your IT infrastructure, electric utilities and water systems withstand intentional modern attacks? Homeland Security Secretary Janet Napolitano said after Sandy, “If you think a control-system attack that takes down a utility even for a few hours is not serious, just look at what is happening now that Mother Nature has taken out those utilities.” How will your team handle a breach in the network in a way that mitigates and minimizes downtime for the network and protects other critical data? There is no guarantee of 100 percent security for your network; therefore a good security architecture must be balanced with preparations for network breaches, however infrequent they may be.

The proper network security plan can accomplish a number of key goals: minimize loss of data, address regulatory compliance issues and preserve appropriate information so that your forensics team and/or law enforcement has enough information to identify the attackers and prevent attacks from occurring in the future.

Consumerization is Alive and Thriving

In the aftermath of Sandy, a key portion of the East Coast population either lost access to applications (email servers, etc.) or was unable to physically get to the office. Many defaulted to using consumer applications for business: Google Mail, Skype, Dropbox.

The behavior of leveraging personal technology and applications isn’t new. How many of you have sent documents to co-workers via Dropbox because you didn’t want to send huge files via email and crash a co-worker’s inbox? We’ve been seeing this dissolution of the traditional distinction between business and personal use within the enterprise, and this behavior will continue. In this case, the ability to utilize these applications during the storm actually enhanced business productivity. At the same time, it does stress the need for network security that can safely enable applications based on users, applications and content. For example, the Dropbox application should have been enabled only for the right file types and functions (i.e. no uploads of sensitive corporate information), whether during sunny or stormy days.

After Sandy dissipated, many who didn’t have power or Internet access also favored mobile devices like phones and tablets to communicate and work, charging these devices from their car chargers. This brings the concept of working “anywhere, anytime, from any device” to a whole new level. In fact, what we traditionally may consider an endpoint problem is clearly also a network and data center problem, as appropriate access to applications should be enforced depending on what types of devices are used (sanctioned IT devices versus personal devices). Clearly, businesses with a more open culture that embraced consumerization, and had developed the proper security policies to be consistently enforced, continued to be productive in the aftermath of the storm.
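The two preceding paragraphs describe a policy that keys on user, application, application function, content classification and device type, rather than simply allowing or blocking an application. The following Python is an added illustration of that idea and is not code from the article or from any vendor’s product: it models a first-match rule engine, contrasts a hurried “just allow Dropbox” rule with a policy that keeps Dropbox usable while blocking confidential uploads and restricting personal devices to download-only, and runs a handful of constructed sessions through both. The group names, classification labels and rule names are all assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Session:
    """One observed application action (constructed sample, not real traffic)."""
    user_group: str   # e.g. "finance", "engineering"
    app: str          # application as identified from content, e.g. "dropbox"
    function: str     # sub-function of the app: "download", "upload", "share"
    file_class: str   # data classification: "public", "internal", "confidential"
    device: str       # "managed" (sanctioned IT device) or "personal"


@dataclass(frozen=True)
class Rule:
    """A field set to None means 'match any value' for that attribute."""
    name: str
    action: str                       # "allow" or "deny"
    user_group: Optional[str] = None
    app: Optional[str] = None
    function: Optional[str] = None
    file_class: Optional[str] = None
    device: Optional[str] = None

    def matches(self, s: Session) -> bool:
        return all(
            want is None or want == got
            for want, got in (
                (self.user_group, s.user_group),
                (self.app, s.app),
                (self.function, s.function),
                (self.file_class, s.file_class),
                (self.device, s.device),
            )
        )


def evaluate(rules: List[Rule], session: Session, default: str = "deny") -> Tuple[str, str]:
    """First-match evaluation, top to bottom; returns (action, rule name)."""
    for rule in rules:
        if rule.matches(session):
            return rule.action, rule.name
    return default, "implicit-default"


# Weak policy: the rule written in a hurry during an outage. It gets people
# working again, but it also lets confidential files leave from any device.
HURRIED_POLICY = [
    Rule("allow-dropbox-any", "allow", app="dropbox"),
]

# Hardened policy: the same application stays available, but uploads of
# confidential data are refused and personal devices may only download.
APP_AWARE_POLICY = [
    Rule("deny-confidential-upload", "deny", app="dropbox", function="upload",
         file_class="confidential"),
    Rule("deny-personal-device-upload", "deny", app="dropbox", function="upload",
         device="personal"),
    Rule("allow-dropbox-otherwise", "allow", app="dropbox"),
]

# Constructed sessions, labelled for readability; none are real observations.
SAMPLE_SESSIONS: Dict[str, Session] = {
    "finance-upload-confidential":     Session("finance", "dropbox", "upload", "confidential", "managed"),
    "eng-download-public-personal":    Session("engineering", "dropbox", "download", "public", "personal"),
    "eng-upload-internal-personal":    Session("engineering", "dropbox", "upload", "internal", "personal"),
    "marketing-upload-public-managed": Session("marketing", "dropbox", "upload", "public", "managed"),
    "unknown-app":                     Session("finance", "unknown-file-sharer", "upload", "public", "managed"),
}


def compare_policies() -> Dict[str, Tuple[str, str, str]]:
    """Run every sample session through both policies.

    Returns {label: (hurried_action, hardened_action, hardened_rule_name)}.
    """
    results = {}
    for label, session in SAMPLE_SESSIONS.items():
        hurried_action, _ = evaluate(HURRIED_POLICY, session)
        hardened_action, hardened_rule = evaluate(APP_AWARE_POLICY, session)
        results[label] = (hurried_action, hardened_action, hardened_rule)
    return results


if __name__ == "__main__":
    for label, (hurried, hardened, rule) in compare_policies().items():
        print(f"{label:32s} hurried={hurried:5s} hardened={hardened:5s} ({rule})")
```

The point of the comparison is that the hardened policy changes the outcome only for the two risky sessions (a confidential upload, and an upload from a personal device); the ordinary download and the public-file upload from a managed device are allowed by both, so productivity is preserved while the data-loss path is closed. Rule order matters in first-match evaluation: the deny rules must sit above the broad allow, which is exactly the kind of detail a drill, rather than the outage itself, should surface.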

Select the Right Partner and Architecture

Finally, I think we can agree that selecting the right partner is important, and this is most obvious during a crisis. Businesses that picked the right data center provider, with the proper scalability and redundancy architecture, were able to withstand the challenges of the storm. Others, such as Huffington Post, Gawker and Buzzfeed, were unfortunate enough to have the data center that hosted their web services flooded and, without geographically dispersed redundant sites, incurred significant downtime. The right security architecture goes hand in hand with any data center architecture, and the simplest design wins. Simple designs succeed at being highly available, while complex and over-engineered designs introduce more variables, human error and risk, and can even reduce uptime if not properly designed.

Moving Forward

It is unlikely that anyone can be completely prepared for a storm of Sandy’s magnitude. What we can do is move forward, learn and deal with future disasters. Similarly, on the security side, it is about understanding the trends in modern attacks, consumerization and mobile devices, and learning to plan and design for them from a security perspective so that few surprises occur. And if surprises do occur, then hopefully your disaster recovery plans are in place to deal with them.

Related Reading: Business Continuity Planning in a Cloud Enabled World

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep learning to detect malware, and CMO at SafeBreach, where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
