
Security Think Tank: Aim for integrated resilience, continuity and recovery

How should businesses plan to survive a potential cyber attack extinction event?

Until recently, perhaps the past couple of years, when I talked about the possibility of an extinction event from a cyber attack, the perspectives of the vast majority of people were still entirely focused on this being an exfiltration, manipulation or destruction of the information asset.

However, for some years I have been highlighting that, with growing capabilities within a range of nefarious organisations, including nation state-backed organisations and collaborations, cyber attacks could go truly physical. This includes ransomware.

When I say this, it isn’t the use of the academic terminology “cyber physical”, it’s the ability to truly damage, maim or destroy in the physical world as well as information assets. It is a very real thing, and society is only just waking up to its potential.

We have already seen a number of industrial control systems being targeted – attacks on power grids, gas supplies, factories, shipping and aerospace, for example. It’s an almost endless list. Building management systems are also potentially vulnerable.

The one thing that all of these have in common is that not only are they not core IT, but they are still largely viewed as not even being IT. We have the term operational technology (OT), but many businesses are still catching up with this and, in the meantime, systems remain vulnerable.

With the interconnectedness of all things, this has the potential to open up a devastating attack that would be a genuine extinction event – not just for one organisation, but for many.

We are potentially on the verge of seeing the first cyber twin towers. We know that cyber threat is classified as a tier one threat. We know that the government estimates that there are more than 30 hostile nation states capable of attacking critical national infrastructure. We know that within government, there is a shocking lack of leadership and direction on the matter of cyber security – because a parliamentary select committee told us so. We know that across industry as a whole, the convergence of cyber and physical threats is still being given barely more than lip service.


We know a great deal about the challenge, but what do we do about it?

First, we need a wholesale change of culture. We need leadership in government and in boardrooms, and we need security tactical advisers with the capability to adequately communicate with, and advise, this leadership.

We need to immediately get to grips with where our assets are, how they are configured and where they are vulnerable, and develop resilience and contingency plans that will protect the most vulnerable access points to our most critical business processes.

Most of all, we need to finally realise that we can no longer operate in silos as businesses, as sectors or as a nation. We need fully integrated, holistic and scalable resilience, continuity and recovery capabilities that are fit to meet the threats of the future – to protect ourselves, our customers and our communities.
