Researchers Claim Correlation Between Terror Attacks, Cyber Activity
When compared against the attack methods, he said it would be possible to determine what steps to take following a major terrorist attack. Zandani said that organizations can work with their ISPs to prepare for an expected distributed-denial-of-service attack, and to take steps to prevent defacement of their Web presence. He also suggests that this would be a good time to reinforce training on how to combat phishing and other social engineering attacks. Organizations should also harden their security incident management rules and prepare their security operations center in advance of the expected increase in activity. Anti-ISIS activities carried out by military and intelligence services and by Anonymous will also have some limited effect on other organizations, but mostly because of potential network congestion if they launch a DoS attack against ISIS or an affiliated group.Perhaps the best lesson that can come out of the preparation for a cyber-attack is that it will demonstrate whether your organization is actually prepared to effectively manage such an event. “It shows where you need to invest more resources,” Zandani said. He also noted that companies can use the changes in cyber-activity to fine tune their security alerts and responses since they know that there may be a predictable increase for a three-week period after an attack. Right now most of the change in activity seems to be focused on Europe because that’s where the increase in ISIS-sponsored terrorist attacks is taking place. But Zandani said that such activity is a good reason to start beefing up your defenses wherever your organization operates. For example, he noted that investing in improved logging systems would provide better alerts when a cyber-attack does take place. While there's nothing most organizations can do in response to the terror attacks if they weren't directly affected, there's a lot they can do to prevent or mitigate the cyber-attacks that may follow. The day or two gap between the terror attack and when the related cyber-campaign starts ramping up is enough for most organizations to make sure their defenses are in place. As tragic as those terrorist attacks may be, there's no need to sit still for a crippling follow-up cyber-attack if you can prevent it by taking advantage of the warning that the attacks provide.
Unfortunately, the level of cyber-attack activity immediately before and after a terrorist attack can tell you only so much. The reduction just before an attack does not appear to be location-specific, so predicting a terrorist attack on the basis of such activity is unlikely. In addition, Zandani said that there are similar patterns before and after other major activities, such as the NFL Super Bowl held in February and perhaps before and after major elections.