Earlier this month, hackers believed to be working on behalf of the North Korean government launched cyber attacks directed at U.S. and South Korean government Web sites.

According to a report from the Associated Press, the attacks affected 11 different South Korean and U.S. Web sites, causing access problems as well as outages. Among the U.S. sites affected included the Treasury Department, Secret Service, Federal Trade Commission, and Transportation Department.

Government Web sites are not the only ones that have been vulnerable to attack. Highlighting the devastation web vulnerabilities can cause to an organization, TJX, the parent company of retailers T.J. Maxx and Marshalls, recently agreed to pay more than $9 million to multiple states following a massive theft of customers’ debit and credit card information. The retail giant has also reportedly entered into multi-million dollar settlements with banks that issue Visa and MasterCard credit cards to cover the costs that they incurred due to the breach.

In this “At the Frontline,” Jim Butterworth, a retired U.S. Navy cryptologist and senior director of cyber security for Guidance Software, discusses the steps that organizations can take to protect themselves from hackers, as well as how to respond in the aftermath of a security breach.

How do you protect your organization against an organized cyber attack like the one recently experienced by the U.S. and South Korea?

People just assume things are working and that their firewalls are doing their job. Not until you have something happen like this does it bring (cyber vulnerabilities) to the forefront. There are two things you have to consider, outside threats and insider threats. The insider threat could be an outside entity that has successfully penetrated your (cyber safeguards) and now has malicious software lying dormant in your network. These (viruses or worms) are remotely controlled and from a corporate standpoint, you have a responsibility to your peers to make sure that your network is protected in such a way that you don’t become an unwitting participant in an attack against them or your customers. You also have an obligation to your shareholders that information on your network is safe and you don’t have malicious code sitting there waiting to be activated. The best way to keep a robber from getting into your house is to make sure you have locks on the door, but what about when you invite the pizza man in? You just don’t think about the inside.