"Practice makes perfect" doesn't apply only in sports

Oct 10, 2012 09:03 GMT

The old saying “practice makes perfect” applies to all domains, not only the ones – such as sports – where it’s clearly needed. Practice is also very important when it comes to information security and protecting an organization against cyberattacks.

Inspired by NBA star Allen Iverson’s 2006 speech about the difference between a game and a practice session, in which he emphasized the fact that the latter was less important, Solutionary experts wrote a small advisory.

“The ability to do business and pass information from one place to another has also granted the capability for bad guys to remotely touch you. It is a great start to have security policies and procedures regarding your positions and actions. But it’s better if you continuously practice those same positions,” Solutionary’s Erik Barnett wrote in a blog post.

Barnett advises organizations to simulate various cyber security scenarios, such as a denial-of-service (DoS) attack on their public website. It can start with a simple “dry run” or “walkthrough” in which the attack response steps are enumerated.

“Eventually, you can work your way to practicing a real time situation of that same scenario. This should be a part of your overall security operations activities. Not only does it lead to consistency, it will also improve the efficiency and accuracy of your team,” Barnett concluded.

This small advisory reminds us of the recent attacks that targeted United States financial institutions and the issues the companies had to deal with as a result of these cybercriminal operations.

We couldn’t help but wonder if the outcome wouldn’t have been somewhat different if these organizations had practiced scenarios in which their public-facing systems were attacked by an unknown enemy.

Considering the magnitude of these attacks, it’s uncertain whether they could have done anything to keep their websites alive (although many specialized companies would probably argue that the attacks could have been mitigated), but they surely could have addressed the issue better as far as their panicked customers were concerned.