Preparing for the Worst – Data Center Cyber Attacks
Preparing for the worst is a priority, or at least should be, for every data center. But data centers face many potential ‘worst-case’ scenarios, so preparing for each type of threat can be challenging. A comprehensive data center infrastructure management and disaster preparedness plan should be in place for every potential scenario. But a plan is only good if everyone knows what to do when the emergency happens. Facilities have fire drills or lockdown drills, but there are other drills that every data center should conduct on a routine basis – cybersecurity drills.
Data Center Disaster Preparedness
Cyber attacks are a massive threat to the public and private sectors, and in data centers, where sensitive and critical information is often stored, that information must be effectively protected. We have all seen emails from banks, major corporations, retail stores and more that alert their customers to a security breach that has left their sensitive information exposed to potential theft. That is the last email anyone wants to receive and certainly the last email that any company or data center wants to send.
Cybersecurity preparedness involves many different facets, including a comprehensive evaluation, a checklist of what to do in a variety of different cybersecurity breach scenarios, and, ultimately, having everyone actually practice what to do. Data Center Knowledge explains the importance of having a cybersecurity breach plan and the need for proper practice and drills to prepare all employees, “Too often, cybersecurity preparedness is a checklist. Are there backups? Check. Is there a firewall? Check. Is there off-site cloud failover? Check. Is there a disaster preparedness plan? Check. But until those systems are tested under real-world conditions — or as close to them as possible — you won’t know that everything works the way it’s intended to. ‘The number-one question asked by regulators after a data breach is whether the target company has an established breach response plan, and if so, whether the plan was ever practiced in advance of the breach,’ said Ananth. And the technology is only half the battle. In a disaster, people panic. Lines of communication break down. People forget what they’re supposed to do, make mistakes because they’re in a rush, or just hide and hope that the problem goes away. Disaster preparedness plans go out of date quickly as people move around and as infrastructure is reconfigured.”
Data Center Cybersecurity Drill Importance
Though a cybersecurity drill may seem like a nuisance, it is an important and necessary one. And, while it can certainly be a challenge not only to put your data center through a cyber attack drill but also to get customers to participate in it, the drill will ultimately prove immensely beneficial. There is more than one type of cyber attack to simulate, so to be thoroughly prepared it is important to test both large-scale and more segmented attacks. What often arises during a cybersecurity drill is the awareness of unforeseen security and response gaps. By identifying those gaps, you can make the necessary adjustments before a cyber attack occurs so that you can either avoid an attack or have a swifter and more effective response when one occurs.
During a cybersecurity drill, it is important to assess response timing on multiple levels. How quickly do individuals and teams respond and either thwart or mitigate a cyber attack, and how quickly are you able to give customers the most current and accurate information? So often, there is mass confusion during a cyber attack, and determining how to respond in a coordinated and effective way can be more challenging than it is for something like a fire. If a fire happens, you can see it, and you know to get out of the building and get the fire put out. If a cyber attack happens – where do you start? EY emphasizes the importance of rehearsing various cyber attack scenarios and ensuring that everyone knows what their response role is in the event of an attack, “While every incident is different, a typical response plan follows a structured approach. This starts with detailed planning and preparation, which includes testing capability through simulation exercises. Once an incident is identified, it is triaged (categorized and classified) and initial steps are taken to contain the impact. An investigation into root cause is commenced and, once possible, steps are taken to remediate the issue and bring the organization back to a stable state. A key step that is often skipped is following up after the incident with lessons learned to enable long-term improvements in both the response process and the organization’s ability to sense, resist and react in future. The capability to react rapidly to a cyber attack helps to minimize the possibility of long-term material impacts…A response plan solely focused on and run by IT is destined to fail. An effective response involves all aspects of the organization, from the CEO, to HR, general counsel, media relations and IT, among many others.”
Establishing a Chain of Command and Crisis Communication Plan
What is the chain of command? How is information shared between departments in the event of a cyber attack? All of these questions must be asked so that people know exactly how things should flow when an attack has been identified. For this reason, it is important to develop a crisis communication plan that works as a flowchart of sorts. When everyone knows who they need to communicate with, it eliminates confusion and the spread of misinformation. Data Center Knowledge explains how a cybersecurity drill should involve the most comprehensive collection of staff throughout the organization possible, “Finally, the disaster response drills shouldn’t be limited to just technical personnel. If a cybersecurity disaster has the potential to affect a company’s reputation and cost it customers, then senior business executives may need to participate. ‘Business execs are often under the spotlight during times of an attack,’ said Malik. ‘Therefore, they should understand what the drill looks like, what steps are being taken, and how, so that they are prepared.’ If there’s a likelihood of bad publicity or compliance issues, then legal, compliance, and public relations personnel may need to be involved. Responders should also be prepared for the possibility of a disaster that’s beyond their capabilities to handle, said Wayne Lee, senior cybersecurity architect at West Monroe Partners, a Chicago-based business consulting firm. ‘Security professionals should always have contact information ready for law enforcement, outside counsel, cybersecurity insurance, and specialized forensic firms,’ said Lee.” Any outside vendors that your data center works with should also participate in the drill or have emergency response information and plans in place that you can incorporate into your cyber attack drill.
The more quickly, accurately, and efficiently you are able to communicate, identify the cyber attack problem, remediate it, and begin to restore normal operations, the less damage and loss your data center will experience. And the better your data center will look to customers who have been impacted when you inform them that a breach has occurred.
Preparing to Notify Clients of a Data Center Security Breach
The longer it takes your data center to disclose a data breach to your customers, the worse it looks, and the delay may lead to business and revenue loss that could potentially be detrimental to your data center. A swift, honest and accurate response that outlines the precautions taken against cyber attacks, as well as the actions taken once the cyber attack occurs, will reassure customers that you are doing everything in your power to protect sensitive information. For that reason, it is important that you draft potential response templates in advance so that you can quickly adjust information if a breach occurs and swiftly inform your clients. As the old saying goes, ‘fail to plan, plan to fail’ – and that is certainly true for data center cybersecurity. The more comprehensive a cyber attack response plan is, and the more practice that is undertaken in the form of drills, the better. Through cyber attack drills, your data center will be able to better anticipate potential weak points in your existing cybersecurity and respond more swiftly and effectively if a cyber attack occurs.