As many are aware over the weekend of July 4th, it was reported that a number of US government and South Korean sites were attacked. Although the Pentagon and Whitehouse were able to withstand the cyber attack many other US governmental departments did not have adequate defences and were down in some cases for days.

The cyber attacks involved a 50000-60000 systems botnet which was directed at the government sites to cause a denial of service. Although it is suspected that the North Korean government may be behind those attacks, the attack itself really reveals a need for several components in a country’s cyber defence system.

1. A forensic capability to identify who exactly the attackers are. With Cybercrime still on the rise and botnets being created for sale to criminals and terrorists, it is absolutely urgent for the brains of the security community to get together and devise a methodology to locate the perpetrators and to see where potential botnets are being built.

2. It is essential that the global community shares their security defence strategies as when one part of the eco-system goes down it impacts on all the others.

3. Every person round the world makes a difference in cyber warfare. Once their PCs are compromised they become part of the botnet. So it is important that countries and organisations educate not just their employees, but children and anyone who could own a device about security to prevent those devices from becoming part of a botnet that could be used to attack organisations and governments round the world.

For the second reason, it is ironic that many large organisations still have no security awareness in place or pay lip service to security awareness programmes. It is not a difficult thing to integrate interesting articles into their in-house magazines and induction programmes and there are a lot of tips not just on the SecurityVibes site but all over the net.

References
SecurityVibes Article: Security Awareness Initiatives: Top Lessons Learned from CISOs 2
SecurityVibes Article: Security Awareness Initiatives: Top Lessons Learned from CISOs 1
SecurityVibes Article: Barclays Award Winning Security Awareness Videos
SecurityVibes Podcast: James Gay, CISO for Travelex on User Education
SecurityVibes Podcast: Cabinet Advisor on the Wisdom of Money for Security
SecurityVibes Article: Going for a coffee? Lock Your Desktop First