Is Your Company Cyber-Resilient?
April 1, 2021
By: Marin Sklan
Editor’s Note – Marin Sklan is Marketing Manager at iCorps Technologies in Boston.
According to the National Cyber Security Alliance study, 60 percent of businesses that are hacked go out of business within six months.
The vast majority of damage done in cyber attacks is due to the inability of a company to respond because it has not developed a cyber prevention and response strategy.
If your e-commerce system, website, email, or customer data were suddenly inaccessible because of an attack, would you be able to get back up and running within minutes, hours, days, or at all? That depends on your business’s level of cyber resilience.
Here are the key steps in developing effective Cyber Resilience within your company. The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents. It’s a broad approach that encompasses cybersecurity strategies and business continuity management.
Cyber resilience includes two primary components. The first focuses on preventative measures such as continuous monitoring and threat reporting. The second focuses on developing appropriate response plans in the event of a cyber attack. Unfortunately, most businesses fail at this critical second step.
Developing Cyber Resilience: Assess Your Business Risks
Before you implement an incident response plan, you’ll first need to assess the risks to which your company is exposed. Risks may be:
- Strategic – the failure to implement business decisions that align with strategic goals
- Reputational – negative public opinion
- Operational – loss resulting from failed internal processes, people, systems, etc.
- Transactional – problems with service or product delivery
- Compliance – violations of laws, rules, or regulations
To conduct a risk assessment, you’ll need to characterize your business processes. What kinds of data do you use, and where is this information stored?
Then, identify potential threats such as unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity. You typically need to look at several categories of information to adequately assess your business’s vulnerabilities.
Consider the following controls:
- Continuity of Operations Controls
- Organizational Risk Management Controls
- User Provisioning and Authentication Controls
- Data Center Physical & Environmental Security Controls
Risk assessments are a fundamental part of your business, and they should be reviewed regularly. Once you’ve completed your first risk assessment, you can implement an incident response plan.
Develop Your Incident Response Plan
An incident response plan will identify the actions that should be taken when a data incident occurs. The aim is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate exploited vulnerabilities. The plan should cover the following phases:
- Preparation – Create an incident response team and outline their roles and responsibilities. Develop policies to implement in the event of a cyber attack, as well as a communication plan.
- Identification – Decide what criteria call the team into action, such as a phishing attack; assess the incident and gather evidence.
- Containment – Mitigate the damage; this includes an instant response and long-term containment, such as installing security patches on affected systems.
- Eradication – Contain the threat and restore systems to their initial state.
- Recovery – Ensure that affected systems are not in danger and can be restored to working condition. Monitor the network system to ensure that another incident doesn’t occur.
- Lessons Learned – Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.