Disaster recovery risk assessment for cyberterrorism attacks

In recent days, the threat of cyberterrorism attacks seems to loom darker. In this expert response, learn whether cyberterrorism threats should be feared and how to prepare for them.

David Mortman, Dell

Data center association AFCOM says companies aren't doing enough to prepare cyberterrorism disaster recovery plans, but how can a security organization make that justification to C-level executives? On the surface, it seems like a company is much more likely to deal with a security problem because of an unpatched system or a coding error in a Web application vs. a cyberterrorism attack.

Whether cyberterrorism is a real threat is subject to ongoing debate. However, if the question were to be rephrased...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

as: "Are denial-of-service (DoS) attacks (the most common form that cyberterrorist attacks would take) a viable threat?" then yes, this is something that should be addressed as part of a disaster recovery/business continuity (DR/BC) plan. This plan doesn't have to be anything fancy, but it's important to have contact information for the appropriate people at your ISPs and, if relevant, cloud service providers and application service providers (ASPs) as well.

However, it is my general opinion that while DoS and distributed DoS (DDoS) attacks are real threats, they should be categorized as a high impact/low probability threat; so, while it's important to have a plan to deal with them, they shouldn't be your biggest worry.

Instead, I'd worry about low- to medium-impact/medium- to high-probability threats, as they are the ones that can eat up resources quickly in the long run. Case in point: Small virus outbreaks, while relatively low-impact, can be highly disruptive and use up resources that could be focused on other issues. Likewise, patch management, configuration management and asset management all can be done with minimal effort, provided the organization has good change control and operational discipline. Doing this sort of planning right will free up resources to deal with more troublesome, less probable issues like DoS and DDoS attacks.

For more information:

Read more about the potential threat of cyberwarfare.
Check out this video in which Marcus Ranum discusses cyberwarfare.

This was last published in November 2009

Dig Deeper on Emerging cyberattacks and threats

Related Q&A from David Mortman

Test a security architecture design without an IT security consultancy

While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ... Continue Reading

How to reduce PCI DSS security scope for an audit

PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security... Continue Reading

How to talk to executives about an information security team hire

When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

SearchCloudSecurity

5 steps to a secure cloud control plane

A locked-down cloud control plane is integral to maintaining cloud security, especially in multi-cloud environments. Here are ...

3 steps to prepare IT operations for multi-cloud

Organizations must ready their IT operations for multi-cloud and the unique security challenges ahead. Equip your IT ops team ...

Shared responsibility model transparency boosts cloud security

The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not ...

SearchNetworking

5G vs. Wi-Fi: Verizon says cellular will win

In the not-too-distant future, businesses could find themselves weighing 5G vs. Wi-Fi in the campus and office. Verizon has ...

Gartner WAN edge Magic Quadrant offers buying advice

How should businesses buy WAN edge technology? You probably shouldn't rely on vendor name recognition alone. Instead, consider ...

Future of networking technology relies on 5G, edge computing

In this roundup of networking blogs, experts discuss the key trends they look forward to in 2020 and how these advancements could...

SearchCIO

Preparing for the new forms of cybersecurity threats in 2020

In the first part of a series on the new forms of cyberthreats in 2020, we're diving into the many infiltration points being ...

What is the state of CIO tenure today?

CIO tenure remains significantly lower than other C-suite positions, and according to experts, it's a result of the age of ...

The evolution of RPA, from macros to process transformation

RPA evolved from technology debuted in the 1950s and '60s and was developed to today's standards by the industry's leading ...

SearchEnterpriseDesktop

With support for Windows 7 ending, a look back at the OS

With support for Windows 7 ending and Microsoft ushering in the end of life for the OS, tech experts and IT pros look back at its...

Image-level methods for Windows application deployment

Imaging is a crucial process, but IT must also consider application deployment. Here are methods to deploy different types of ...

3 Windows migration questions IT must answer

Microsoft has stopped mainstream support for Windows 7, so organizations must have a plan to migrate to Windows 10 or extend ...

SearchCloudComputing

Google Cloud support premium tier woos enterprise customers

Google Cloud has rolled out a new Premium Support offering aimed at deep-pocketed enterprises with larger, more complex ...

Confidential computing promises secure cloud apps

Adopt confidential computing to protect sensitive data in the cloud. Learn the basics about these technologies and evaluate ...

A comprehensive Azure instance comparison for your workloads

When it comes to choosing the best Azure compute instance for your workload, the options can be overwhelming. Use these tips to ...

ComputerWeekly.com

App developers sue Facebook over ‘anti-competitive conduct’

Lawsuit is based on leaked internal Facebook documents obtained and published by Computer Weekly and NBC last year

CenturyLink lands $1.6bn network services contract from US Dept of Interior

US operator engaged to help US agency achieve its mission to conserve and manage natural resources and cultural heritage

NCSC makes final call for entries to CyberFirst Girls contest

Entry to the National Cyber Security Centre’s CyberFirst Girls 2020 competition is about to close

cyberwarfare

cyberterrorism

Cyber Intelligence Sharing and Protection Act of 2011 (CISPA)

Cybercrime, Cyberwars, Cyberterrorism and Hacktivism

Please create a username to comment.