Every executive fears the day when hackers might breach network security, steal loads of sensitive data and ensure that the company's name will appear in months of embarrassing news headlines.
Using botnets, backdoor programs and other increasingly sophisticated means, the bad guys are getting better at cracking the best IT security barriers around. So your best bet is to live each day like you're going to be hacked and have a plan to find the thief quickly and keep your company's reputation intact, said experts at this week's SecureWorld conference in Millis, Mass.
That advice may be ringing in the ears of officials at Boston College. The Associated Press reported Thursday that the college warned 120,000 alumni that their personal information may have been stolen when an intruder hacked into a school computer containing the addresses and Social Security numbers of BC graduates.
BC spokesman Jack Dunn told the news agency that officials don't believe the hacker accessed personal information, but instead planted a program that could be used to launch attacks on
Forensics was a word repeated throughout this week's SecureWorld conference. Experts mentioned the media firestorm that has enveloped ChoicePoint and other companies where hackers were able to steal mountains of consumer data that could eventually be used for identity theft and other cybercrimes.
"It behooves you to learn computer law; what police will want to know if a break happens," said Whitfield Diffie, vice president and CSO of Sun Microsystems. "Forensics is critical so when someone breaks in you have a record prosecutors can use."
The bad news is that every business can be hacked no matter how seriously executives take security, experts said. The good news is that companies can keep their reputations intact by responding the right way to a cyberheist. And that's where forensics is vital. It's all about knowing what not to touch and who to call the moment you think you've been hacked.
"Your number-one priority should be to notify law enforcement," said Brett Jaffe, principal of Medford, Mass.-based forensics firm Digital Discovery.
Jaffe's first piece of advice: "Have an incident response policy in place because without one you're already a step behind. You need a clear policy for network use -- who is on the network, what kind of access they're supposed to have and what employees can and cannot do. Make a copy of that policy available to all employees and make sure it is signed and
He also advises logging everything and making that data easy to retrieve. "Log as much as possible," Jaffe said. "Storage is cheap. Lawsuits are not."
In the end, he said forensics is about not altering data. And it's better to have more evidence than not enough if something happens, he said.
"Always plan for something happening," he said. "It's not a matter of if, it's a matter of when."
Terri Curran, information security director for Framingham, Mass.-based Bose Corp., said she keeps up with reports from various research firms and scans the latest information security headlines. In the end, she said it's most important to talk to your peers and see what they're experiencing in the trenches.
She conducted an informal poll among her peers and found, among other things, that some companies are putting more money in the budget to upgrade forensics capabilities. However, when she asked other IT professionals what they wanted but didn't get in their budgets, they listed:
- A comprehensive business risk analysis;
- Implementation of a centralized log server;
- Network access controls for policy and compliance management; and
- Formal incident response training.
Those are important items for any company that wants to weather the headlines a massive breach could unleash, experts agreed.
For her part, Curran would be more than happy to see fewer headlines in the future.
"I don't want to read another ChoicePoint story," she said. "It's becoming a knee-jerk [reaction] at this point."