Building a Cyber Resilient Business by Amar Singh, CEO & Founder, Cyber Management Alliance Ltd
Instead of asking ‘Is my business secure?’, business executives must pose the question, ‘Is my business prepared to detect a cyber-attack in a timely manner and swiftly resume business operations during and after it?’
Raise management awareness
The most effective line of defence against cyber-attacks remains us humans and, as the old adage goes, business leaders must lead by example. A first step must be to educate all levels of management and business executives. This approach creates an informed and confident management layer.
Third party due diligence
Today, most businesses outsource some, if not the majority, of operations of their IT infrastructure, applications and web hosting. Third parties not only pose a significant risk by means of being the cause of a cyber-attack, they also play a significant role in various aspects of breach management and response.
Consider the steps below in your Cyber Incident Planning & Response action plan:
- Contractual obligations in Business Continuity Planning (BCP) and cyber security:
  - Review the contractual obligations of your IT outsourcer when it comes to a cyber breach.
  - Ask them what their uptime obligations are. Keep in mind a 99% uptime obligation means the following periods of potential downtime/unavailability for your IT systems: daily: 14m, weekly: 1h 40m, monthly: 7h 18m, yearly: 3d 15h 39m.
- Skills and capabilities: seek evidence that staff have the requisite skills to:
  - Detect the early signs of various kinds of attacks;
  - Validate and ascertain the severity of an attack;
  - Effectively manage and respond to an attack.
- Forensics and Chain of Custody:
  - Ensure your IT outsourcer and key employees fully understand key concepts like Chain of Custody, evidence collection and evidence integrity.
  - Do they have a robust forensics policy?
Detect early, respond swiftly
A practiced cybercriminal has one primary objective above all: persistence, the act of obtaining permanent residency in your IT systems, your company laptops and mobile phones.
Once persistence is achieved the criminal can observe and learn how you operate, stealthily steal your confidential data or sell access to your computer systems to other cyber criminals.
- Build your Organisation’s Normal: a US firm discovered that one of their employees had outsourced his work to an individual in China who logged in with his credentials and completed all assigned tasks.
- Ask yourself the following:
  - Would you receive an alert of suspicious behaviour if your CEO, CFO or senior partner’s user account logged in at an unearthly or abnormal hour?
  - Are your employees allowed to log in from multiple locations concurrently?
  - Is your third party monitoring for similar anomalous activity?
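The first two questions above can be turned into a simple check. The following is an added example, not part of the original article: it builds a per-user "normal" of login hours from past sessions, then flags logins outside that window and accounts with overlapping sessions from different locations. The session records, field layout, location labels and one-hour tolerance are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

def parse(rows):
    return [(u, datetime.strptime(a, FMT), datetime.strptime(b, FMT), loc)
            for u, a, b, loc in rows]

# Constructed sample sessions: (user, login, logout, source location).
BASELINE = parse([
    ("cfo", "2024-03-04 08:55", "2024-03-04 17:30", "London"),
    ("cfo", "2024-03-05 09:10", "2024-03-05 18:05", "London"),
    ("analyst", "2024-03-04 09:00", "2024-03-04 17:00", "Leeds"),
    ("analyst", "2024-03-05 10:00", "2024-03-05 17:00", "Leeds"),
])
TODAY = parse([
    ("cfo", "2024-03-07 03:12", "2024-03-07 03:40", "London"),
    ("analyst", "2024-03-07 09:05", "2024-03-07 17:00", "Leeds"),
    ("analyst", "2024-03-07 10:30", "2024-03-07 16:00", "Remote-X"),
])

def normal_hours(sessions):
    # The organisation's "normal": earliest and latest login hour per user.
    hours = defaultdict(list)
    for user, start, _, _ in sessions:
        hours[user].append(start.hour)
    return {u: (min(h), max(h)) for u, h in hours.items()}

def off_hours_logins(sessions, normal, tolerance=1):
    # Flag logins outside the usual window; users with no baseline are flagged.
    alerts = []
    for user, start, _, loc in sessions:
        lo, hi = normal.get(user, (None, None))
        if lo is None or not (lo - tolerance <= start.hour <= hi + tolerance):
            alerts.append((user, start.strftime(FMT), loc))
    return alerts

def concurrent_locations(sessions):
    # Flag one account with overlapping sessions from different locations.
    by_user, alerts = defaultdict(list), []
    for user, start, end, loc in sorted(sessions):  # ordered by user, then login
        by_user[user].append((start, end, loc))
    for user, rows in by_user.items():
        for i, (_, end1, loc1) in enumerate(rows):
            for start2, _, loc2 in rows[i + 1:]:
                if start2 < end1 and loc1 != loc2:
                    alerts.append((user, loc1, loc2, start2.strftime(FMT)))
    return alerts
```

On the sample data, `off_hours_logins(TODAY, normal_hours(BASELINE))` flags the 03:12 login on the CFO account, and `concurrent_locations(TODAY)` flags the analyst account being used from two locations at once.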
Ask for complete visibility of all your IT systems
Endpoint visibility enables an effective early detection system by allowing you to swiftly pinpoint infections, like ransomware contagion. Early detection in ransomware attacks:
- Can mean the difference between complete business disruption and normal operations.
- Enables you to provide factual reporting to the regulators on exactly how a breach succeeded.
Prepare for the golden hour
The golden hour is a logical window in which the decisions you make and the consequent actions you take determine the final outcome for your business. It is during this period that employees, under pressure, inadvertently make blunders, such as accidentally deleting crucial evidence, making unplanned or hurried configuration changes that further weaken the IT systems and, quite simply, forgetting to take basic precautions.
To ensure that you suitably manage the ‘golden hour’ during and after an incident:
- Ensure you create scenario-based playbooks (checklists) that are easy to access and understand.
- Ensure you have the systems in place to capture all steps that all employees take.
- Ensure your response is consistent and repeatable. This will enable a new or inexperienced employee to take the exact same actions as an experienced member of staff.
Trust the experienced executives
Safely and effectively responding to cyber attacks requires experienced executives who can steer the ship on choppy waters. Seek to hire an in-house information security executive. If you don’t have the requirement or the budget for a full-time employee, consider a partnership with firms that offer virtual information security managers who can become an extension of your business. Often, this model works out better as the business is able to tap into the experience of well-established and skilled executives at a fraction of the price of hiring a full-time employee.