Tips for Before, During, and After a Cyber-Attack


Whether you are an enterprise, e-commerce business, local organization, or government office – it’s merely a matter of time before you’re going to have to deal with a cyber-attack.

The question is: what can you do before an attack to have adequate defenses in place? Evaluating and selecting the best cyber-attack mitigation solution and vendor for your needs is a good place to start. As with any business initiative, good preparation and planning can go a long way toward making the process as manageable, painless, and inexpensive as possible.

Organizations that engage in advance cyber-attack response planning are far more likely to limit potential damage and act in an effective manner compared to those that try to improvise their way through a cyber-attack-induced crisis.

Here is some more food for thought…

Considerations BEFORE You Are Hit By a Cyber Attack

Do: Understand that no organization is safe. It’s not about if you will be attacked, but about when.
Don’t: implement a solution just for compliance purposes. Understand your security risks and needs. Remember: You always get what you paid for.

Do: Make sure detection tools are optimally located. Remember: You can only protect against what you can detect.
Don’t: implement multiple detection tools from different vendors, unless these different tools are able to “communicate” with one another and pass relevant information for optimal detection and mitigation.

Do: Make sure your security strategy is implemented into policies and procedures. Your staff should be prepared with clearly defined roles and responsibilities.
Don’t: pass on the idea of in-house counsel or a vendor’s Emergency Response Team. If you depend on an ISP vendor, know specifics.

Do: Have an available and easy to locate list of people to contact when under attack.

Do: If you are at risk of having a public website down, have a communication (explanation and/or apology) crisis plan.

Do: If an attack does occur and your site and services are affected, communicate with your customers. Hiding won’t help!

Minimize Damage and Interference DURING An Attack

Do: Contact the in-house or vendor Emergency Response Team to make sure that the best decisions are carried out. If you depend on an ISP vendor, contact them immediately.
Don’t: panic. Manage it. (And yes, Radware is here to help you!)

Do: Define the detection point, attack type and attack tool so you can decide on the best mitigation process.
Don’t: go it alone! Consult your in-house/provider’s emergency response team.

Do: Make sure every step of the attack is documented.
Don’t: transfer traffic to the cloud scrubbing center unless you are close to pipe saturation.

Do: Have a spokesperson ready to provide information to your customers during the attack, whether through a blog post, social media or press reports, if necessary.
Don’t: ignore customers. Someone else will be there to reassure them during the attack if you don’t communicate.

AFTER an Attack – What You Can Learn

Do: Perform a damage control analysis. Review reports and forensics to learn what went wrong. This will better prepare you for future attacks. Investigate everything!
Don’t: for one second think that the attack is over and you can sit back and relax.

Do: Optimize your security architecture. Evaluate and adopt technologies, policies and solution strategies that can help you fight future threats. Keep communicating with your customers and the press. Address them and manage the crisis.

Do: Make sure reports and forensic information are available in case they are needed for a law enforcement investigation.

As network attacks become more sophisticated and easier to execute, expect the number of attacks to continue to increase. With that in mind, education about the stages of an attack is crucial and must become an important component of your defense strategy for attack management. Perform ongoing tests and evaluations of your systems and of the new technologies that are available in the market. Verify whether your organization could benefit from an out-of-path implementation for some of your detection tools, and consider evaluating the implementation of a hybrid solution to protect your organization during attacks that saturate the internet pipe.

See a full evaluation checklist in our DDoS Handbook.

Werner Thalmeier

As a Solution Evangelist, Werner Thalmeier is responsible for driving Security Product Strategy for Radware in the EMEA region. Before joining our team, he headed the global product management team at M86 Security as VP of Product Management and was also previously VP of Product Management at Finjan. An active member of the IT industry for over 20 years, Werner has gained extensive field experience working with vendors, customers, technology partners and resellers in various management and engineering positions.
