A friend of mine sent me this cool video of an attack on a herd of water buffalo in Africa.  It is a fascinating piece of video footage and shows how unpredictable and savage Mother Nature can be at times.

After watching the video a few times I could not help but draw parallels between the way the buffalo herd was attacked and how it responded, and the way many companies suffer cyber attacks and how they respond.

So while watching the video, ask the following questions and see if they also apply to your company.

    • The herd approaching the waterhole could be compared to a company entering into a new market, taking on a new service or trading for the first time on the Internet.  Were adequate risk assessments taken as to what the potential risks were?  Were there adequate protections in place to manage those risks?
    • The buffalo herd did not detect the waiting lions until it was too late.  Have you got appropriate detection and early warning systems in place to ensure you can respond in time to an attack?
    • Like all attackers, the lions picked on the weakest point.  In this case the young calf.  Yet in nature the young are probably the most valuable assets as they ensure the continuation of the species.  This valuable asset, which was also the most vulnerable, was placed in a situation where it did not have adequate protection, i.e. it was not in the middle of the herd.  How well protected are your most valuable assets?
    • When the calf was attacked there was little or no protection in place.  In fact the buffalo minding the calf turned and ran away, leaving the calf to fend for itself.  Has your company properly identified all the vulnerabilities and threats posed to those assets?  Have you got proper protection mechanisms in place to defend against attacks on those assets?
    • As in cyberattacks, another predator took advantage of the weak security and launched its attack.  The crocodile nearly managed to wrestle the calf from the lions’ grasp.  So what have you got in place to ensure that when responding to an attack you do not leave yourself exposed to another attack from a different threat agent?
    • When the herd does respond to the attack it is a slow cumbersome process.  I was nearly screaming at the screen for them to move quicker to save the calf.  When they did manage to get to the lions the calf was rescued and then placed into the centre of the herd for protection.  How quickly could your organisation respond to an attack?  How good is that response?  Have you tested your incident response plan to ensure you could deal quickly with a breach?
    • Finally, the big question that remains unanswered in the video: did the calf survive?  I am sure that it suffered some serious injuries in the attack and it is uncertain whether or not it could survive them.  Also, does that herd now keep all its calves in the middle for protection, or could the same thing happen again?  So how well could your organisation survive an attack?  What is the level of damage that could be inflicted on your organisation before it proves fatal?  How well does your organisation learn from incidents?  How confident are you that a particular attack vector will not be exploited again once you close off the incident?

It really is an amazing video and one that I will watch time and time again.  I would be very interested, though, in your feedback and thoughts on incident response and whether or not my observations are valid, or indeed if there are any points I missed out.

Update 7/1/08

Thanks to Pat, who pointed out to me that this video is titled the “Battle of Kruger”.

About the Author: bhimport
