Prepared for a cyber attack? The three questions that businesses must ask themselves
How businesses can best be prepared for a cyber attack
No business sector is immune from the threat of a cyber attack.
Scattered Spider is just one example of an organized group that has initiated attacks within different industries, including two US casinos in 2023 and Transport for London last year, before a high-profile cybersecurity breach involving Marks and Spencer earlier this year.
Virtual Chief Information Security Officer at Thrive.
According to Duke’s CFO Global Business Outlook, more than 80% of companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data.
To prepare for what now seems to be an inevitable reality, there are three questions that every business needs to ask itself today.
Question one: If an event happened today, how would it impact us?
Hackers are now deploying nefarious means for their own financial gain.
Criminals aren’t just looking to open up entry points into a business network and deploy ransomware by sending out phishing emails anymore.
In Hong Kong last year, a finance worker paid out $25 million to fraudsters after believing that a deepfake on screen was the company’s chief financial officer.
This is just one example of significant financial losses that can result from such events, alongside data loss and a level of reputational damage among customers and the wider public that might take significant time and effort to win back.
Businesses therefore need to consider the potential impact from a holistic sense, incorporating internal departments and external stakeholders.
As part of the solution, cyber security training needs to move to the top of the C-suite agenda because humans remain the weakest link.
The good news is that more advanced programs are starting to be orchestrated, which train staff on the ways to spot emerging threats such as deepfakes and on how to prevent a potential event from escalating.
Early detection technologies are also in place to spot the real threats amongst the noise of the internet.
Question two: How could we maintain operations while the event is going on?
If data has been lost, and a company doesn’t have a backup of that data, it doesn’t have anything to recover to.
Granted, lots of organizations now have cloud backups with Amazon, Google or Microsoft, but a separate backup of that cloud data with a specialist third party can provide that added peace of mind.
This can bring critical applications back online as soon as possible after a cyber incident.
Technology such as backups is central to keeping operations running, but so are communication and maintaining a personal connection with customers and the public.
The recent Marks and Spencer cyber-attack saw the CEO initiate timely communications via digital channels. It’s important that openness and honesty are deployed within the first couple of days after an event, as it could make the difference in keeping or losing the trust of customers, investors and the public.
This level of transparency following an event is also needed in reporting. It’s vital to demonstrate to a regulator or investor that the relevant action has been taken following a breach.
To support in-house teams in being fully prepared to deal with incidents and deliver timely communications, incident response retainers can offer immediate access to expert assistance.
Question three: How long would it take us to restore operations to normal?
IT management and cyber teams need to sit down with the board and decide which main applications need to be recovered within, say, an hour, before working to bring all other services back online.
For example, it might be financial systems that are needed for paying salaries to employees or invoices to suppliers, which simply can’t wait.
Luckily, with cloud backups, restoration back to normal isn’t a hugely lengthy process nowadays. Again, it’s the human element that really makes the difference to aspects such as recovery time.
There needs to be accountability woven into the business, with at least one knowledgeable person, perhaps an advisor, who can lend their expertise to the C-suite on best practices.
This person can help address questions such as: How could a risk occur? How can we ensure it doesn’t occur? If the worst does happen, who will oversee the restoration process?
It’s also important that this designated person maintains relationships with third-party cyber security providers to streamline restoration projects. Third-party providers can also act as key support pillars, helping to protect designated experts from burnout.
Cyber security as a board-level imperative
No organisation can afford to take a passive stance on cyber resilience.
Cyber security has moved beyond being a concern for just technical teams and has become a major business imperative at board level.
The risks are clear, the methods are evolving and the consequences, both financial and reputational, can be severe.
Security is a business decision and every organization should know its current cyber posture. That means asking itself the right questions now so it can move from a reactive to a proactive stance.
It’s crucial to understand the full impact of a potential breach, ensuring continuity during an incident and putting clear, accountable recovery plans in place. It’s about building the resilience to respond effectively, recover quickly and protect business operations.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro