Cybersecurity is exposed to a vicious cycle: where innovation is born, risks quickly emerge. Naturally, it’s impossible to make progress without encountering new challenges.
To make matters worse however, unlike with physical security, where breaches are limited by proximity to the target, on the internet, everyone is your neighbour. This substantially widens the pool of potential adversaries.
The cybersecurity industry is therefore faced with an almost insurmountable task: protect businesses from enemies who could attack from any direction, under any pretence, at any time. Thankfully, as cybersecurity has become a company-wide responsibility – with boards taking a far greater interest in the day-to-day strategies behind digital security – we’re better positioned to defend our assets.
As Sun Tzu says “if you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”
Ultimately, to enable us against these threats, we must understand ourselves, and our enemy.
Preparation: Getting into the right mindset
C-level executives are becoming far more involved in the conversations around cybersecurity and the steps that need to be taken to keep up with advancing threats. For the wider business, the most critical action is to move away from a compliance mindset and start thinking about cyber resilience.
Compliance and regulations are designed to provide a framework for security controls and their objectives, not to be a comprehensive security strategy. Remember, compliant does not mean secure.
Priority must instead fall on acquiring and assessing real-time data, which should ultimately be presented in a way that is accessible to the entire business – for those with technical backgrounds and those without.
Accurate data leads to accurate decisions – not ones made in panic.
Unfortunately however, as we all know, cyber attacks are inevitable. Businesses therefore need clear, actionable plans in place should the worst happen and they find themselves in the middle of a breach.
Response: Five things to remember
We’ve collated our top five tips for organisations that are critical to an effective response and recovery plan.
1. Do not panic
Conducting table top exercises in preparation will help organisations acclimatise to the panic and navigate the genuine sense of violation. By underestimating these immediate emotional reactions in those initial moments, teams risk making quick decisions which will make things worse further down the line.
Responding quickly is only worthwhile if it’s balanced with effectiveness.
2. Do not turn off systems
While it may seem logical to shut down networks to stop attackers in their tracks, the danger is that businesses risk losing valuable evidence about how the adversaries gained access in the first place. So in an effort to stop attackers in their tracks, organisations end up destroying evidence of vulnerable access points, thereby leaving the doors open for attackers to try again.
3. Commence incident response
Never underestimate the value of spending time with your incident response teams – whether internal or external. Not only does it help finalise any last few details, but it can also help put minds at ease to some extent, knowing what plans are in place and having a direct line to the experts that will lead the critical response.
4. Private communications
Do not communicate through their normal business email accounts in the event of a breach as hackers may have already gained access to these. Not to mention the fact that attackers actively monitor security teams through these channels to find out which of their attempts have been detected.
Instead, set up WhatsApp chats or other private channels, for emergency communication only.
5. Legal and PR representation
Make sure to agree the list of external people that need to be involved in the event of a breach, including legal counsel and intermediaries or brokers to facilitate payment in the case of a ransomware breach.
It’s also vital to map out your public relations strategy to help maintain control over how details of breaches are released. Trying to keep the incident on the down low could ultimately result in the press running wild with a story should they catch wind of it.
A final takeaway
Do not fall into the trap of underestimating your enemies and overestimating your defences.
According to the latest industry research from attack surface management (ASM) platform Encore, cybersecurity is now at the ‘top of the board agenda’ for 52% of organisations. While this is promising, we need to see more from businesses, and it all starts with a change in mindset.
It’s time for organisations to not just be cyber secure, but also cyber safe. For more on how to make this all-important transition, get in touch with us today!
