15/03/2018
Even if we look past industry figures on frequency of cyber attacks, it is reasonably evident that cyber attacks are increasingly causing significant disruption and damage to businesses brand and reputation.
Consequently, instead of asking "Is my business secure?" business executives must pose the question is, "Is my business prepared to timely detect and swiftly resume business operations during and after a cyber attack?"
Building a Cyber Resilient Business
Raise Management Awareness:
The most effective line of defence against cyber attacks remains us humans and as the old adage goes, business leaders must lead by example. A first step must be to educate all levels of management and business executives. This approach creates an informed and confident management layer.
Detect Early, Respond Swiftly:
A practiced cyber criminal has one primary objective above all. Persistence; the act of obtaining permanent residency in your IT systems, your company laptops and mobile phones.
The opportunities are abundant once persistence is achieved. The criminal can observe and learn how you operate, stealthily steal your confidential data or sell access to your computer systems to other cyber criminals.
- Build your Organisation's Normal: a US firm became suspicious of an employee who was achieving all objectives despite spending his office time watching YouTube videos of cats. On investigation, they discovered that he had outsourced his work to an individual in China who logged in with the credentials of the US employee and completed all assigned tasks.
- Ask yourself the following:
- Can you detect similar abnormal activity taking place in your business? For example, would you receive an alert of suspicious behaviour if your CEO, CFO or senior partner's user account logged in at at an unearthly or abnormal hour?
- Are your employees allowed to log in from more than one location at the same time?
- Do you know if your third party is monitoring its employees for such anomalous activity, and that it has clear and defined behavioural policies?
Ask for Complete Visibility of your all IT Systems:
Endpoint visibility enables an effective early detection system by allowing you to swiftly pinpoint infections, like ransomware contagion. Early detection in ransomware attacks:
- Can mean the difference between complete business disruption and normal operations.
- Enables you to provide factual reporting to the regulators on exactly how a breach succeeded.
Prepare for the Golden Hour:
A logical window in which the decisions you make and consequent actions you take determine the final outcome to your business. It is during this period where employees, under pressure, inadvertently make blunders, such as accidentally deleting crucial evidence, making unplanned or hurried configuration changes that further weaken the IT systems and quite simply, forgetting to take basic precautions.
To ensure that you suitably manage the "golden hour" during and after an incident:
- Ensure you create easy to understand and scenario-based playbooks (checklists) that can be easily referred to.
- Ensure you have the systems in place to capture all steps that all employees take.
- Ensure your response is consistent and repeatable. The objective being that you could place a new or inexperienced employee and he/she could take the exact same actions as the experienced member of staff.
Trust the Experienced Executives:
Safely and effectively responding to cyber attacks and breaches requires experienced executives who can steer the ship on choppy waters. Seek to hire an in-house Information Security Executive. If you don't have the requirement or the budget for a full-time employee, consider a partnership with firms that offer virtual information security managers who can become an extension of your business. Often, this model works out better as the business is able to tap into the experience of well-established and skilled executives at a fraction of the price of hiring a full-time employee.
Related Training: Cyber Security Training
AUTHOR: Amar Singh