Wipfli Alerts & Updates: Don't Be the Next Cyber Attack Victim


September 16, 2014

The news is once again both bleak and alarming: A recent hacker attack on Home Depot has affected more than 60 million customers and is estimated to result in at least $2 billion in fraudulent charges, a figure that may even reach $3 billion.

This is just the latest in a string of high-profile data breaches that include Target, JPMorgan Chase, Dairy Queen, Supervalu stores, Bank of the West, and the Healthcare.gov website.

Hacking activity is on the rise as criminals relentlessly look for payment card information and personally identifiable information that can be used for identity theft. Although retailers and banks are primary targets, no industry is immune. That includes any businesses using ACH and wire transfer services. Ransomware attacks are also prevalent and a constant threat, but such attacks seldom get reported publicly.

Many cyber attacks take advantage of weak passwords on entry points into the network, such as remote access systems. Others exploit target systems that are missing software security updates or that have been configured insecurely. If an attack succeeds and your organization is victimized, the overall costs of recovery can be astronomical in terms of actual dollars lost, the investment required to repair the damage, and the cost of repairing your reputation.

Now is a prime time to examine your potential risks.

Protect your computer systems and data.

Criminals are ruthless, and organizations must be vigilant in their defense. An in-depth strategy can help prevent or detect cybersecurity attacks. It also can help minimize the impact through well-defined response capabilities.

Know what you have:

  • Inventory your systems. Include servers, workstations, laptops, tablets, other mobile devices, and networking equipment. Don’t forget hosting providers or cloud service providers.

  • Identify the location of your sensitive information: in databases, on hard drives, in e-mail, on mobile devices and portable media, and in Microsoft Office files.

  • Identify all entities with which information is shared (for instance, business partners and vendors).

Consider which threats apply to your assets:

  • Examine recent industry-reported breaches. Could these incidents happen to your organization?

  • Review past events within your organization. Could the weaknesses you are aware of be exploited to gain access to sensitive information?

  • Review audit results or the results from security testing. Are you vulnerable?

Identify safeguards in place.

An in-depth strategy must include safeguards that can help prevent, detect, and recover from an attack. Can you answer yes to all of the following questions for each of your critical systems and related data?

  • Do you patch your systems in a timely manner?

  • Does your organization use strong passwords?

  • Do you restrict access to critical systems (firewalls, strict access control lists)?

  • Do you limit remote access and use two-factor authentication?

  • Do you use current antivirus software on all systems?

  • Do you have audit logs of activities on your network, servers, and critical applications so that you can detect unauthorized or suspicious activities? Do you use intrusion prevention/detection systems?

  • Are critical equipment and data physically protected?

  • Do you encrypt data stored on your network? Do you encrypt data that is sent or received from outside your network?

  • Have you tested your network and critical systems for vulnerabilities? Have major weaknesses been addressed?

  • Do you have current policies and procedures that spell out your security safeguards?

  • Have you trained your staff on your security policies and procedures, safe computing practices, what to look for in various types of attacks, and how to report them?

  • Do you have an incident response plan? Have you tested it against likely incident scenarios?

  • Do you have a data backup and recovery plan? Have you tested your recovery capabilities?

  • Have you explored additional safeguards for cyber defense, such as the SANS Top 20 Security Controls or the PCI Data Security Standard?

If you answered yes, the next question is, how do you know these safeguards are being maintained over time? Evaluating risks should be an ongoing process. Formal analysis should be performed at least annually, with ongoing status updates and revisions for major changes to your network, systems, and business processes.

If you answered no to any of the questions above, we strongly encourage you to consider addressing those areas as soon as possible.

In all, your answers should be grounded in reality, and safeguards must be tested to ensure they are indeed working as intended.

For help assessing and testing your security controls against cyber attacks, contact Paul Johnson at 651.766.2895 or pjohnson@wipfli.com, or your Wipfli relationship executive.
