This post is also available in: heעברית (Hebrew)

By Yair Mohr

7620225_sThis time the “Defenses” held. But all the experts expect more attacks and with more force.

The experts are getting ready for the next offensive and they are worried.

Having successfully defended themselves last week against ‘Anonymous’ that threatened Israeli websites with plans to “wipe them offline”, cyber defenders in Israel are breathing a sigh of relief.  But that doesn’t mean that Government or businesses sites are safe from future attacks. Unlike OpIsrael, which was evidently conducted by a scattered group of ‘hacktivists’, the ongoing attacks that Israeli companies and authorities are and will be facing are far more organized.

“In the last few years, there has been a methodological change in attack patterns. If past attacks were broad and unfocused, present ones have become extremely targeted”, says Shlomi Boutnaru, Manager of COE (Center of Excellence) Cyber & Security, Matrix. According to Boutnaru, “Hackers today don’t just momentarily launch an attack. Instead, they first observe the targeted organization to find its soft-spots. The attackers then use alternative approaches like fishing e-mail to get past traditional security systems thus rendering them obsolete.”

“In order to withstand attacks”, says Boutnaru, “organizations need to be prepared for them. We always say that the first attack an organization faces doesn’t have to be a real attack. The preparations we recommend include procedures and personnel training, while taking into consideration the fact that not all of them will be necessarily available when something happens.”

The first stage that Shlomi Boutnaru recommends is to map everyone who can be of use in case of attack. Each organization should make a list of the most critical scenarios it might face and to list the people needed to deal with each scenario. Everyone should know what their job is in each scenario, and most important – what their job isn’t to do. In this way, arguments are avoided.

The next stage would be to divide the response team in two groups, one to contain the attack, and the other to investigate the attack, its purpose and its method. This division helps in stopping the event as soon as possible.  The first team responds to every level of the attack in real-time, while the second tries to one-up the next stages. After the attack is stopped, the second team moves on to investigate the breach that made it possible.

Last but not least, Boutnaru stresses that it is wise to have a hard-copy of all necessary procedures, as it doesn’t help to have them in the network when it is down.