Hurricane Sandy's windy and soggy punch against the Northeast is a reminder that clouds don't just mean virtualized storage and processing capability offered via the Internet. There are real clouds in the sky, real storms – and sometimes, real disasters.
Preparing for natural disasters is another important aspect of cybersecurity. No matter how virtualized the technology is, information is ultimately stored somewhere physically and is transmitted to where it is needed by physical devices, all of which are potentially subject to physical damage.
Natural disasters need not be catastrophic to cause severe disruption. A flooded basement could be enough to knock out a data facility – and possibly cause permanent loss of data. Even the mere threat of a natural disaster can be disruptive. For example, US financial markets closed on Monday due to the imminent arrival of Hurricane Sandy.
If all these cyberspace consequences of natural disasters were not enough, there is one more: Cybercrime frauds thrive on misfortune. The more severe the real-world consequences of a natural disaster, the greater the opportunity for fraud. Hurricane Katrina and the tsunami in Japan, for example, both triggered a wave of fraudulent appeals for money, posing as messages from legitimate charitable organizations such as the Red Cross.
Accounts of disasters, spread virally by email and social networks, can also serve as convenient vehicles for transmitting viruses and other malware.
All of this should be a reminder that cybersecurity has multiple dimensions. For companies and other organizations, a risk-based information security policy should include provisions for the direct and indirect consequences of natural disasters. Do you have contingency plans ready if onsite facilities or important Internet services go down?
For individuals, information security includes being wary of frauds manipulating our concern for disaster victims. And organizations and individuals alike should consider such measures as having crucial data backed up both locally and in the cloud.
Good security can't prevent harm from natural disasters, but it can minimize the consequences. Don't be caught unprepared.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."