Disaster recovery risk assessment for cyberterrorism attacks

In recent days, the threat of cyberterrorism attacks seems to loom darker. In this expert response, learn whether cyberterrorism threats should be feared and how to prepare for them.

David Mortman, Dell

Data center association AFCOM says companies aren't doing enough to prepare cyberterrorism disaster recovery plans, but how can a security organization make that justification to C-level executives? On the surface, it seems like a company is much more likely to deal with a security problem because of an unpatched system or a coding error in a Web application vs. a cyberterrorism attack.

Whether cyberterrorism is a real threat is subject to ongoing debate. However, if the question were to be rephrased...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

as: "Are denial-of-service (DoS) attacks (the most common form that cyberterrorist attacks would take) a viable threat?" then yes, this is something that should be addressed as part of a disaster recovery/business continuity (DR/BC) plan. This plan doesn't have to be anything fancy, but it's important to have contact information for the appropriate people at your ISPs and, if relevant, cloud service providers and application service providers (ASPs) as well.

However, it is my general opinion that while DoS and distributed DoS (DDoS) attacks are real threats, they should be categorized as a high impact/low probability threat; so, while it's important to have a plan to deal with them, they shouldn't be your biggest worry.

Instead, I'd worry about low- to medium-impact/medium- to high-probability threats, as they are the ones that can eat up resources quickly in the long run. Case in point: Small virus outbreaks, while relatively low-impact, can be highly disruptive and use up resources that could be focused on other issues. Likewise, patch management, configuration management and asset management all can be done with minimal effort, provided the organization has good change control and operational discipline. Doing this sort of planning right will free up resources to deal with more troublesome, less probable issues like DoS and DDoS attacks.

For more information:

Read more about the potential threat of cyberwarfare.
Check out this video in which Marcus Ranum discusses cyberwarfare.

This was last published in November 2009

Dig Deeper on Emerging cyberattacks and threats

cyberwarfare Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state.

cyberterrorism According to the U.S. Federal Bureau of Investigation, cyberterrorism is any 'premeditated, politically motivated attack against information, computer systems, computer programs, and data which results in violence against non-combatant targets by sub-national groups or clandestine agents.'

Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) The Cyber Intelligence Sharing and Protection Act (CISPA) of 2011 is a proposed United States federal law that would allow for the sharing of Web data between the government and technology companies.

Cybercrime, Cyberwars, Cyberterrorism and Hacktivism What exactly is the truth behind cybercrime, cyberwarfare, cyberterrorism and hacktivism?

Study links outsourcing, mobile workforce and cyberterrorism threats A new study of top government IT executives conducted by the Ponemon Institute identified outsourcing, cyberterrorism and an increasingly mobile workforce as significant threats to data, government ...

Cyberwarfare, targeted attacks pose increasing infosec threat A malware expert at the Computer Forensics show says despite notable gains for the industry, the danger posed by cyberwarfare and organized crime pose a host of major challenges.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Please create a username to comment.

How to implement zero-trust cloud security

AWS Access Analyzer aims to limit S3 bucket exposures

How to evaluate CASB tools for multi-cloud deployments

Test your knowledge of SD-WAN deployments and testing

4 SD-WAN vendors integrate with AWS Transit Gateway

Assess the Wi-Fi 6 features available in Wave 1 and Wave 2

Top edge computing trends to watch in 2020

Shell, Halliburton, Unibap AB execs share real-world AI strategies

What's the difference between RPA and IPA?

Microsoft extends Office 365 benefit to nonprofit volunteers

Cut through confusion of the digital workspace market

Windows 10 issues top list of most read stories for IT pros

Get started with Azure tags

Review these Azure Service Bus best practices

Instill cloud change management best practices

Clouds in the desert as Middle East transforms

Rapid evolution of quantum computing a concern for CISOs

Podcast: The Computer Weekly Downtime Upload – Episode 40

Dig Deeper on Emerging cyberattacks and threats

Related Q&A from David Mortman

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.