Friday, November 2, 2012

Hacking in a Hurricane

It occurred to me on Monday night, as I was sitting in the dark unplugged from the Matrix due to Hurricane Sandy, that attackers could take major advantage of weather related situations like hurricanes, earthquakes, etc for their own devious means. No, I'm not talking about Cobra Commander and his Weather Dominator, but it's a close second.

With the majority of NY and NJ without power attackers could have taken this time to launch attacks towards unprepared victims. At a time when companies in this area are most likely failing over their systems to other locations, and IT support is either out of power or are being overwhelmed with other duties, an attack could go unnoticed. Talk about adding insult to injury!!

Security monitoring needs to be considered as a major part of your business continuity program. We need to have people and resources in place to make changes and monitor your environment during and after a major catastrophe. Don't get me wrong, it sucks without power, but we need to make provisions to keep our guard up during these hard times.

We need to start thinking like criminals and understand that they're very opportunistic in nature and if they can make some money quickly, without being seen, they're going to do it. It's similar to criminals launching DDoS attacks as a diversion to even more malevolent activity behind the scenes.

This being said, my heart goes out to all those who were effected by this horrible storm. We need to have our priorities in place and keeping our families, friends and neighbors safe is on the top of the list. There is nothing more important than that, but we should have policy/procedure in place to continue our security posture during and after a catastrophe so we can focus all our energy towards what really matters.

No comments:

Post a Comment