Security Think Tank: How to reduce the impact of a potential cyber extinction event
How should businesses plan to survive a potential cyber attack extinction event?
An extinction event is the incident that brings a business to its very knees. Its speed and sophistication enable it to bypass traditional defences and, in the cyber realm, turn an organisation’s complete IT infrastructure, and the business that it supports, to dust. As the digital transformation fad accelerates across industries, this should lead business leaders to ask the question: could it happen to us?
Recent experiences associated with NotPetya, Wannacry, Industroyer and the explosion in aggressive and destructive ransomware have removed all doubts: weaponised, sophisticated malware that can cripple industry is with us and active. So, what to do?
Imagine a scenario where you are hit hard
Suspend your disbelief, challenge your over-inflated expectations of technology, and imagine a scenario where your security operations centre (SOC), your threat intelligence and your latest and greatest security toy have all been overcome by a sophisticated, well-funded adversary, and you are simply back to bare metal. If it helps, think of it as a thought experiment – a really cheap one.
Do the basics really, really well
Yes, it has been said many times and it is mundane, difficult and costly to do: get that patching sorted, complete those asset inventories, roll out that anti-virus, tackle that legacy. This may not remove the possibility of having to face an extinction event, but it should reduce it. Do it well, as if your company depended on it – because it does.
And remember that when your databases are torn to shreds, a single good backup copy takes on the value of the entire company – without it, there is no hope.
Value your people
In an extinction event, you may have little technology, but you will have plenty of people who are willing to help. Use them.
Let them use their creativity. Let them use their business knowledge to keep the business at least ticking over. Let them do things that you would never, ever countenance on a normal day – provided it helps.
After all, you can’t make it worse – only better.
No one is coming to help
You may be counting on some help in your hour of need – your outsourcer, your partners, your supply chain. You would hope they would be able to offer assistance and boost your staffing as your key people succumb to fatigue.
But don’t count on it. You may simply be caught in the crossfire of a bigger event affecting multiple organisations, which will hoover up any cavalry. Help may simply not be coming.
Think of the ‘what-ifs’
What if we have to run the business without IT – can we?
What if we don’t have a clean backup?
What if it takes us six months to recover?
Practice makes perfect
Grasp the unthinkable and rehearse with your staff as a continuity exercise. Go extreme, then further. A real incident is far, far scarier than you can simulate and you need to understand how people react in extremis. But also, do it to give your staff the confidence that it can be done, which is invaluable.
We are in a new era where the weaponisation of cyber is a reality, where the extinction event is real. The new watchwords are resilience and recovery. Be good at them.