UPDATED: Live each day like you're going to be hacked

Experts say it's better to expect the eventual cyberheist and have measures in place to keep your reputation intact. Boston College seems to be following that advice.

Every executive fears the day when hackers might breach network security, steal loads of sensitive data and ensure that the company's name will appear in months of embarrassing news headlines.

Using botnets, backdoor programs and other increasingly sophisticated means, the bad guys are getting better at cracking the best IT security barriers around. So your best bet is to live each day like you're going to be hacked and have a plan to find the thief quickly and keep your company's reputation intact, said experts at this week's SecureWorld conference in Millis, Mass.

That advice may be ringing in the ears of officials at Boston College. The Associated Press reported Thursday that the college warned 120,000 alumni that their personal information may have been stolen when an intruder hacked into a school computer containing the addresses and Social Security numbers of BC graduates.

BC spokesman Jack Dunn told the news agency that officials don't believe the hacker accessed personal information, but instead planted a program that could be used to launch attacks on other machines. Still, amid rising concerns about identity theft, the school sent letters to its alumni last Friday "as a precaution." The letters urge alumni to protect their identities and financial accounts by contacting their banks and warning them that their Social Security numbers may have been stolen.

Forensics was a word repeated throughout this week's SecureWorld conference. Experts mentioned the media firestorm that has enveloped ChoicePoint and other companies where hackers were able to steal mountains of consumer data that could eventually be used for identity theft and other cybercrimes.

"It behooves you to learn computer law; what police will want to know if a break happens," said Whitfield Diffie, vice president and CSO of Sun Microsystems. "Forensics is critical so when someone breaks in you have a record prosecutors can use."

The bad news is that every business can be hacked no matter how seriously executives take security, experts said. The good news is that companies can keep their reputations intact by responding the right way to a cyberheist. And that's where forensics is vital. It's all about knowing what not to touch and who to call the moment you think you've been hacked.

"Your number-one priority should be to notify law enforcement," said Brett Jaffe, principal of Medford, Mass.-based forensics firm Digital Discovery.

Jaffe's first piece of advice: "Have an incident response policy in place because without one you're already a step behind. You need a clear policy for network use -- who is on the network, what kind of access they're supposed to have and what employees can and cannot do. Make a copy of that policy available to all employees and make sure it is signed and placed in the employee's records. That will be a big help to investigators."

He also advises logging everything and making that data easy to retrieve. "Log as much as possible," Jaffe said. "Storage is cheap. Lawsuits are not."

In the end, he said forensics is about not altering data. And it's better to have more evidence than not enough if something happens, he said.

"Always plan for something happening," he said. "It's not a matter of if, it's a matter of when."

Terri Curran, information security director for Framingham, Mass.-based Bose Corp., said she keeps up with reports from various research firms and scans the latest information security headlines. In the end, she said it's most important to talk to your peers and see what they're experiencing in the trenches.

She conducted an informal poll among her peers and found, among other things, that some companies are putting more money in the budget to upgrade forensics capabilities. However, when she asked other IT professionals what they wanted but didn't get in their budgets they listed:

  • A comprehensive business risk analysis;
  • Implementation of a centralized log server;
  • Network access controls for policy and compliance management; and
  • Formal incident response training.

Those are important items for any company that wants to weather the headlines a massive breach could unleash, experts agreed.

For her part, Curran would be more than happy to see fewer headlines in the future.

"I don't want to read another ChoicePoint story," she said. "It's becoming a knee-jerk [reaction] at this point."
