Adrian Crawley’s five steps for managing cyber attacks during the Brazil World Cup.
Despiter longing to be in the stadium when England win the World Cup in Brazil, I’ll be watching many of the live games at home with my family and catching mobile highlights on my journey to and from work.
I won’t be alone, as it’s the next best thing to having a ticket. Although, getting a ticket hasn’t exactly been easy.
In May, StubHub, an online ticket provider owned by Ebay, was the victim of a massive distributed denial of service attack (DDoS), shutting down the site to Brazilian customers.
It’s not uncommon as more events succumb to attacks. Most recently, the intensity increased when the ‘hacktivist’ group Anonymous publicly stated its intention to wage war on World Cup sponsors in socio-economic protest.
However, such a public statement doesn’t mean that other organisations are immune.
Anonymous’ activity during London 2012 leads us to believe that broadcasters, streaming providers, ISPs, hosting organisations and power suppliers should all expect to be hit.
The threat is real.
Anonymous is serious about its political message and it will deliver it. Attempts will be made to hijack and deface web pages to post political messages.
Its ‘hacktivists’ will endeavour to disrupt power, interfere with transmission and bring websites down.
Websites will be deluged with fake users so that live match streaming slows right down to make viewing a painful experience.
With such havoc on the cards, putting in place the following steps is vital for network resilience, to protect brand reputation, maximise audience numbers, and protect lucrative advertising deals.
Know your enemy Getting the latest information is critical. However, interpreting it can be tricky not to mention time consuming so follow a reputable source like The National Crime Agency that does the legwork for you. It issues warnings and the severity of the threat. A good security partner should also alert you with specific advice on what to do.
Check your network security can withstand the latest attack tactics As many as nine different attack methods may be used concurrently for weeks at a time. Check your network is resilient to withstand this. Also ensure your network is not set to ‘fail over’ which would open up the core network to attack.
Check for resilience and plug the gaps Will it detect a legitimate user and block the fake ones? How strong is your web application firewall, will it protect the website from attacks on the network’s application layer? Have the suppliers you rely on for hosting, power and mobile streaming got watertight plans in place?
Monitor for unusual patterns Anonymous is known to test its attack tactics before launching the assault. Spotting unusual activity on the network will help you prepare for an assault. Ensure your team knows how to assess and respond. Partner with a security specialist who can bolster your skills.
Beware the mob Be vigilant for ‘mob’ hackers who will take advantage of the hard work done by Anonymous using the open door to steal customer data and intercept financial transactions. It’s estimated the financial repercussions for Sony amounted to $1 billion after customer information was stolen when it was attacked. The fine alone was £250,000.
- Adrian Crawley is regional director for the UK and Ireland at Radware