Future attacks could have more significant ramifications, though, including the attempt to retrieve more dangerous identity information such as Social Security numbers. In a recent panel discussion at the Kaspersky CyberSecurity Summit, Steve Adegbite, senior vice president of enterprise information security oversight and strategy at Wells Fargo, hinted that attackers may well be attempting to penetrate where the data is -- implying that new cloud technologies and data warehouses, as well as weaknesses in emerging technologies embraced by larger companies, could well be future targets for attackers.
Where cyberattacks will occur also pertains to the location of your enterprise. Threats in the United States will have a different profile than threats in Europe. Location matters in this equation. Take some time with your team to assess where cyberattacks are likely to be directed across your enterprise. Understand what may now be at an increased risk of attack, especially relative to the past.
3. Lobby for Budget to Defend Against, Mitigate Cyberattacks
IT budgets are no goldmine. CIOs have been used to having to do more with less for a long time now. If you've sung the praises to your management group about how you can save money by, for example, moving to the cloud or consolidating and virtualizing many servers, you might find yourself with reduced budgets and reduced headcounts -- right as the storm of cyberattacks threatens you. This isn't a preferred position.
Unfortunately, cyberattacks aren't only damaging. They're expensive, not only in terms of the cost of services being down but also the expense directly attributable to mitigating and defending them. Vendors with experience in reacting in real time to cyberattacks and mitigating their effects are tremendously expensive, both at the time of the event and hosting data during periods of inactivity in order to be prepared if and when an attack occurs. Purchasing the hardware and software necessary to properly harden your systems is expensive. This is an important line item, an important sub area, in your budget for which you need to account. Consider it insurance on which you will almost certainly collect.
Also, look for products and technologies rated at EAL 6+, or High Robustness, which is a standard the government uses to protect intelligence information and other high-value targets.
Bottom line: Don't cannibalize your budget for proactive IT improvements and regular maintenance because you've failed to plan for a completely inevitable cyberattack.
4. In the Thick of an Attack, Ask for Help
When you're experiencing an attack, you need good information you can rely on. Others have that information. In particular, look for the following:
Join information-sharing consortiums that can help you monitor both the overall threat level for cyberattacks and the different patterns that attack victims have noticed. For example, the National Retail Federation announced a new platform to share information and patterns that aim to arrest the data breaches the industry has recently suffered. Financial services companies have set up an informational network, and other regulated industries often have a department of the governmental regulatory body that can serve as a contact point to help prevent this kind of illegal activity.