The best practice for securing the enterprise against a broadening cyberterrorism landscape is to step up employee and contractor security training. "You can have a moat around your facility but if your employees and contractors don't understand your security practices, they can become insider threats or allow threats into your facility, either virtually or physically," says Tendell.
CSOs need to have their people take a step back and analyze threats in a holistic manner. Using an example from a consultation, Iadonisi illustrates how to do exactly that: "A Fortune 250 CSO asked me, saying, 'I manage 25,000 computers around the globe. How do I even begin to broach the subject of cyberterrorism?' I responded with a scenario with three different ongoing events."
In that scenario, the enterprise experiences a cyber-event where terrorists are probing the network they want to hack. Simultaneously, the enterprise's C-level's kids have been receiving strange friend requests on Facebook. At the same time, people are organizing protests in front of a couple of the enterprise's stores.
Typically, a company would look at that scenario and send the physical security team to take care of the protest. They would send the marketing team or the security people to take care of the Facebook issue, and they would send IT to take care of the attacks. But they would view these as three unrelated incidents. "I go in and train people to understand that in many cases these events are interrelated. For the first time, the separate enterprise teams work together. That's what I told the CSO," says Iadonisi.
Further resources for CSOs and CISOs who want to dig deeper into cyberterrorism include security blogs such as Krebs on Security and Dark Reading and organizations such as the SANS Institute. "Form alliances with people who can feed you the appropriate information. Get involved in LinkedIn groups and in forums dedicated to these issues," says Tendell.