1. Assemble a crisis team
Unavailability of services for customers can spark not only outside concern but also inter-organisational problems if DNS services are targeted. As soon as disruptions are noticed, the security department should assemble a crisis team. The aim of the crisis team should be to gather information on the origin, nature and targets of the attack(s).
2. Assess and determine plan of attack
The team needs to fully identify the attack and evaluate how to stop it. There are two avenues that can be tried:
- Engage the Internet service providers (ISPs) to block traffic that could be linked to the suspected threat.
- Strengthen local defences by enhancing and editing firewall and server configurations.
3. Apply blocking mechanisms
Once the attack has been identified, the team should contact operators, request that origin tracing commence, and apply any available blocking mechanisms. This should help prevent future attacks from the same instigator.
The key thing to keep in mind when assessing the Government's reports is that these are the trends and insights from our very own organisations. What is reflected is going to affect each and every one of us in some way, so it's important to be informed, prepared, and ready to act.