Incident response LO4
• Analyze communications approaches and perceived failures in cases of catastrophic business loss related to IT systems failure or attack
• P4 ESSAY – Identify and explain a case study that could be translated as a weak organizational response to a major cyber-security incident. Evaluate how the organization responded and provide recommendations that would support a more cyber-resilient approach over the next five years.

Why now is the right time to plan your incident response communication
• Planning crisis communication before a data breach happens can help restore your business’s reputation fast.
• Companies are now starting to focus not only on preventing breaches but also on planning to limit their impact.
• This change of focus involves classic strategies, like buying extra security solutions that detect attacks early, hiring new incident responders and training an existing team to react more effectively.
• It also brings new faces to the activity most prone to falling through the cracks: post-breach crisis communication.

APPLYING A REPUTATION REBUILD
• Consumers are now much more concerned about data privacy.
• In the US 83 percent of consumers, and in Britain 44 percent, say they stop spending with companies for several months after a data breach. Many say they’ll never go back.
• The need to rebuild their reputation sees companies spending on average $161,000 on public relations after a breach.

What is good crisis communication during cybersecurity incidents?
• Cybersecurity professionals agree that data breach response should happen across the business, not just in IT Security.
• Despite this, many companies struggle to respond fast enough, with enough information to quell the rumors.
• But preparing in advance for IT security incident crisis communication can quickly restore a good reputation when an incident happens.

1. Involve everyone in crisis management planning
• Companies should plan for how they’ll communicate about any situation they might face.
• A cybersecurity incident should be one of these.
• Your crisis management plan should include people from all departments. That means IT Security, IT, legal, customer support and corporate communications for a start.

2. Educate non-IT employees on IT security basics
• Building a cyber-aware culture at work has benefits beyond incident response.
• As a minimum, all those who will be involved in responding to a cybersecurity incident need a basic understanding of IT security.

3. Have different plans for different types of incidents
• You’ll probably need separate plans for different kinds of issues.
• The reputation impact of an advanced persistent threat (APT) that lets cybercriminals spy on business activities will differ from that of business-halting ransomware.
• Use the company’s threat model to identify the most likely scenarios you’ll need crisis communication plans for.

4. Prepare alternative internal communication
• If hackers have compromised email, IP telephony, direct messages and phone or video calls, you’ll need secure channels to keep employees updated and plan your response.
• In this situation, involved employees should use encrypted channels.
• Prepare non-technical staff in advance by explaining the need for encrypted messaging, how to install it and how to use it.

5. When you disclose, be specific
• When they’re not given enough detail, people tend to speculate.
• When disclosing an incident, say exactly what happened, how it affects customers and partners, and what you’re doing about it.
• Every task is urgent when responding to a security incident, but only IT Security can give corporate communications the details that will let them write an accurate and informative statement.
• IT Security should prioritize conveying this information, alongside their most urgent post-breach tasks.
• The success of Kaspersky’s and others’ crisis communication in response to major incidents shows that even when cybercriminals succeed, good communication can still win the day. And like many things in business, it’s all about the planning.

Why It Works
• Social engineering isn’t sophisticated. It doesn’t take a tremendous amount of technical knowledge to be successful.
• Virtually every person has some aspect of their life online.
• Despite that abundance of information, lack of awareness means there’s no shortage of potential targets.
• When it comes to spear phishing, cyber criminals know how to manipulate – preying on human behavior and emotions, creating a sense of urgency, and personalizing targeted exploits can fool even the most prepared individuals.

Prevention Eventually Fails
• You clicked the link. It happens.
• Even people who look at security all the time
• That isn’t an excuse to throw vigilance out of the window, but it does mean when it happens, you don’t need to beat yourself up.
• Acknowledge that your data is out there, it’s easy for bad guys to get, and it’s time to reexamine your security program.
• When it comes to safeguarding your organization against social engineering tactics, there are two parts to prevention:

Take the human decision-making out of the process
• Digital certificates verify a sender’s identity, assuring you, the recipient, that they are who they claim to be.
• When you receive a text or email, stop and ask yourself “Is this information I’ve put online?” Don’t be afraid to call and confirm that the communication you received is legitimate.

Implement a strong security awareness training program
• Don’t just check off the compliance box – make it specific and real, based on the tactics cyber threat actors are using (criminals, hacktivists and nation-state actors).
• Test your employees with targeted spear phishing emails – not to embarrass anyone but to demonstrate how easy it is to find personal information and as a reminder that no one is immune from these schemes.
• This increases the risk to businesses as personal and professional online activities blend more closely together.
• But you can implement security procedures that increase awareness among your employees and reduce the opportunities for human error.
• You can (and should) develop a comprehensive incident response plan that prepares your organization for a breach.
• And you can survive social engineering attacks when your security program implements prevention methods but plans for if and when prevention isn’t enough.

How can you spot incidents faster?
• To promptly detect threats, organizations need deep visibility into where their data resides, how sensitive that data is and who has access to it.
• They also need to be able to quickly spot and investigate suspicious activity, so they can take action to mitigate threats.

Understand which data requires attention.
• You need to know exactly which data is more valuable and is therefore a more likely target for threat actors.
• Data classification will help you understand which information is sensitive and where it is located, so that you can take appropriate steps to protect it.
• Ideally, an automated solution will regularly check whether all critical data resides only in secure locations and take steps to remediate any overexposure before the data can be exfiltrated or encrypted.

Closely monitor user activity around data.
• The longer hackers can lurk undiscovered in your IT environment, the more time they have to creep around, identify your most critical files and steal them.
• A user behavior analysis and monitoring tool is critical to quickly spotting both overt and subtle indicators of attacks, such as activity outside of business hours, unusual data access patterns and failed logon attempts.
• A solution that can proactively alert you about abnormal spikes in user activity will enable you to respond to threats even faster.

Have an actionable incident response plan.
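The two preceding steps of "spotting incidents faster" (classify the data first, then monitor user activity around it), worked through as an added example that is not from the original slides. Everything in it is constructed: the sample files, the audit-log lines, the detection patterns (SSN-like and payment-card-like strings), the approved storage locations and the 08:00 to 17:59 business day are all assumptions standing in for a real classification policy and a real log source. It flags sensitive files stored outside the approved locations, then runs the three indicators the slides name (off-hours access, repeated failed logons, spikes in data access measured against a per-user baseline) over the log, skipping malformed lines instead of failing on them.

```python
import re
from collections import Counter
from datetime import datetime

# ---- Step 1: classify data and flag overexposure ----------------------------
# Constructed detection patterns (an assumption for this example), not a full
# classification policy: SSN-like and 16-digit payment-card-like strings.
SENSITIVE_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b"),
}
# Assumed policy: sensitive data may be stored only under these prefixes.
APPROVED_PREFIXES = ("/secure/finance/", "/secure/hr/")

# Constructed sample files: path -> contents (no real data).
SAMPLE_FILES = {
    "/secure/hr/payroll.csv": "alice,123-45-6789,9000\n",
    "/shared/marketing/leads.txt": "call 555-0100; card 4111 1111 1111 1111 on file\n",
    "/shared/public/brochure.txt": "Our office hours are 9-5.\n",
}

def classify(files):
    """Return {path: {category, ...}} for every file that matches a pattern."""
    found = {}
    for path, text in files.items():
        cats = {name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text)}
        if cats:
            found[path] = cats
    return found

def overexposed(classified):
    """Sensitive files that sit outside the approved locations."""
    return sorted(p for p in classified if not p.startswith(APPROVED_PREFIXES))

# ---- Step 2: watch user activity around the classified data -----------------
LOG_RE = re.compile(r"^(\S+) user=(\S+) action=(\S+) path=(\S+) result=(\S+)$")
BUSINESS_HOURS = range(8, 18)  # assumed working day: 08:00 to 17:59

# Constructed audit-log lines; the last one is deliberately malformed.
SAMPLE_LOG = """\
2024-03-04T09:12:00 user=alice action=read path=/secure/hr/payroll.csv result=ok
2024-03-04T09:15:00 user=bob action=login path=- result=fail
2024-03-04T09:15:20 user=bob action=login path=- result=fail
2024-03-04T09:15:41 user=bob action=login path=- result=fail
2024-03-04T23:40:00 user=bob action=read path=/secure/hr/payroll.csv result=ok
2024-03-04T23:41:00 user=bob action=read path=/shared/marketing/leads.txt result=ok
2024-03-04T23:42:00 user=bob action=read path=/secure/hr/payroll.csv result=ok
this line is not in the expected format
"""

def parse(lines):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, user, action, path, result = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "action": action, "path": path, "result": result})
    return events

def find_indicators(events, sensitive_paths, baseline_reads,
                    failed_threshold=3, spike_factor=3):
    """Return (user, indicator, detail) tuples for the three signals named in
    the slides: failed logons, off-hours access and spikes in data access.
    baseline_reads: assumed normal daily reads of sensitive files per user."""
    failed, off_hours, reads = Counter(), Counter(), Counter()
    for e in events:
        if e["action"] == "login" and e["result"] == "fail":
            failed[e["user"]] += 1
        if e["path"] in sensitive_paths and e["action"] == "read":
            reads[e["user"]] += 1
            if e["ts"].hour not in BUSINESS_HOURS:
                off_hours[e["user"]] += 1
    alerts = []
    alerts += [(u, "repeated_failed_logon", f"{n} failures")
               for u, n in failed.items() if n >= failed_threshold]
    alerts += [(u, "off_hours_access", f"{n} sensitive reads outside hours")
               for u, n in off_hours.items()]
    # A user with no baseline is treated as baseline 1, so any burst stands out.
    alerts += [(u, "read_spike", f"{n} reads vs baseline {baseline_reads.get(u, 0)}")
               for u, n in reads.items()
               if n >= spike_factor * max(baseline_reads.get(u, 0), 1)]
    return sorted(alerts)

def run():
    """Tie the two steps together: classify, then monitor the classified paths."""
    classified = classify(SAMPLE_FILES)
    events = parse(SAMPLE_LOG.splitlines())
    alerts = find_indicators(events, set(classified), baseline_reads={"alice": 5})
    return {"classified": classified,
            "overexposed": overexposed(classified),
            "alerts": alerts}

if __name__ == "__main__":
    for key, value in run().items():
        print(key, value)
```

The design point is the order of the steps: the monitor only reasons about paths the classification step produced, so the same off-hours read of a public brochure generates no alert while the same read of a payroll file does. A real deployment would replace the inline patterns with the organization's classification policy and the inline log with its audit source, but the logic of "know what matters, then watch it" stays the same.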
• Finally, it is essential to have a detailed incident response plan and regularly test it to make sure it works as intended.
• Ideally, this plan will include procedures for handling and reporting incidents, as well as guidelines for communicating with outside parties.
• Having a solid plan will help you take action more quickly in the event of a security incident so you can minimize the damage you suffer.
• If you want to revise your existing plan or create a new one, use best-practice standards like NIST SP 800-61 Rev. 2 and ISO/IEC 27035 as a starting point.
• No matter how much the economic situation changes, prompt detection and response to cyber threats must remain a core priority for your organization.
• The ability to spot and address incidents in their early stages will help you avoid data breaches and their unpleasant consequences, including business downtime, lost revenue, costly security investigations and fines from regulatory bodies.
• As a result, you can save your budget for mission-critical tasks that will bring your organization value in the long run.

6 WAYS POOR CYBERSECURITY HURTS BUSINESSES
It May Compromise Your Inventory Management
• Proper cybersecurity is a must for excellent inventory management. For example, use inventory management software based on a barcode system.
• It strengthens security and reduces the likelihood of errors that could result from a manual system.
• That means it’s essential to take a holistic view of cybersecurity and see its relation to your inventory.

It Could Reduce Your Resources for Growth
• A cybersecurity issue could cost your business hundreds of thousands of dollars or more, depending on its severity and the process you have to go through to recover.
• For example, ransomware is growing in popularity among cybercriminals, who lock down access to your files unless you pay a defined ransom.
• Then, even if you decide to pay the ransom, there’s no guarantee of getting the data restored.
• Try to adopt a “not if but when” mindset regarding your cybersecurity.
• You cannot merely assume that hackers won’t target your company. Put preventative measures in place so they won’t be successful.

It Could Shutter Your Business
• A cybersecurity incident could leave you unable to access customer data or take care of other essential parts of operations.
• Certain hospitals, after being attacked, have had to send patients elsewhere or delay non-urgent treatments.
• Cybersecurity problems can be so damaging that they force companies out of business.
• If you are a small business without a large staff, dealing with the aftermath of a data breach could become so time-intensive that it’s not possible to remain open as usual during the recovery period.
• A short-term closure that impacts your profits could become necessary.
• Having a crisis response plan in place is one of the best ways to limit the likelihood of having to close down after a hack. Then, you’ll be able to move into action instead of being overwhelmed.

It Could Put Your Organization at Risk for Regulatory Fines
• There is a growing list of companies that have either been fined under the General Data Protection Regulation (GDPR) or are being investigated for possible penalties.
• The fines vary depending on the extent of the infraction, and some have been the equivalent of hundreds of thousands of dollars.
• If your company interacts with customers within a country operating under the GDPR and you don’t have proper cybersecurity measures in place, you could be fined by the respective privacy regulator after a data breach happens.
• Also, even if you don’t do business in a country that’s bound by the GDPR, keep in mind that other privacy regulations are coming down the pipeline soon.
• One of them is the California Consumer Privacy Act (CCPA), which goes into effect in 2020.
• It’s ideal to remain educated about what your company needs to do to stay in compliance with any existing or upcoming privacy regulations.
• Keeping your knowledge current should cut down on the chances of a fine.
• Also, research whether there are special privacy precautions for your industry.
• For example, the banking industry has specific rules (PCI) for handling data, and the same is true for companies that process payments.

Insufficient Cybersecurity Is a Costly Problem
• Modern hackers are incredibly skilled at orchestrating large-scale hacks and finding their next victims.
• Companies with numerous vulnerabilities and little to no protection in place are among their favorite targets.

8 Most Common Cybersecurity Weaknesses to Watch for in Small Businesses
• Lack of a high-level strategy. Many businesses, especially new and small ones, simply lack a high-level strategy for their cybersecurity needs.
• They don’t have any security infrastructure in place, either because they don’t take the topic seriously or because they deem it a comparatively low priority.
• However, a high-level strategy that sets the course for your main security priorities and your general approach to preventing and mitigating attacks is vital for success.
• Unsecured networks. If the network isn’t secured, it’s trivially easy for nefarious parties to gain access to your systems.
• And once they’ve infiltrated the network, they can gain access to practically all devices and systems connected to that network.
• Securing the network is a simple step to take, but it’s one that many business owners still neglect. It’s also a great opportunity to demonstrate your expertise.
• Unsecured communication channels. If the business is regularly exchanging sensitive data, it’s also important to incorporate secure communication channels.
• For example, you might invest in an encrypted, secure email platform that you use to communicate directly with clients.
• Or you might establish protocols for using multifactor authentication when sending certain types of messages.
• Unknown bugs. Sometimes, a bug or flaw in a given app can be responsible for giving cybercriminals an easy backdoor to your accounts.
• This could be an aspect of software you’re using from a third party, or it could be a flaw in the API that connects two different apps together.
• It’s impossible to prevent or detect all bugs, but you can improve your security by proactively scanning for bugs when possible, and by examining your vendors carefully before choosing them for your applications.
• Outdated systems. Fortunately, most software developers and hardware manufacturers are constantly on the lookout for security threats that could hurt their users.
• When they find a problem, they issue a patch to eliminate that problem—but to make use of this patch, you have to update your hardware or software.
• If the business is using outdated systems because it isn’t updating regularly, the business could be at risk.
• Untrained employees. Close to 90 percent of data breaches are caused by human error.
• Instead of some ultra-skilled hacker brute-forcing his way into your system, an employee volunteers his password after getting duped, providing an opportunist an easy way to gain access to the business’s data.
• That’s why untrained employees are one of your biggest vulnerabilities.
• It’s vital to train employees on best practices in cybersecurity, like teaching them to use strong passwords, helping them identify different types of attacks, and giving them instructions on how and when to use networks that aren’t theirs.
• It’s also important to retrain employees regularly, and make sure they’ve retained this information. All it takes is one slip from one person to jeopardize the health of the entire company.