Cyber security: Is your organisation under threat of a cyber-attack?
Forensic Focus - August 2015
The short answer is that in today’s world, all organisations are at risk of a cyber-attack. The digital revolution is driving business innovation, yet it is also exposing organisations to new and emerging threats. Exciting new technologies such as virtualisation, social media and cloud based services helps organisations by increasing integration and lowering costs, but they also come with risks and a possible avenue of exploitation. These new possible avenues of exploitation mean that organisations have greater exposure to cyber-attacks than ever before.
In a world increasingly driven by digital technologies and information, cyber-threat management is more than just a strategic imperative. It’s a fundamental part of doing business. Yet for many C-suite executives and board members, the concept of cybersecurity remains vague and complex. Although it might be on your strategic agenda, what does it really mean? And what can your organisation do to shore up its defences and protect itself from cyber-threats? A common myth is that cyber-attacks only happen to certain types of organisations, such as high-profile technology businesses or financial institutions. However, the cold, hard truth is that every organisation has valuable data to lose. In fact, the attacks that happen most frequently are completely indiscriminate – using scripted, automated tools that identify and exploit whatever weaknesses they happen to find.
Cyber-attacks can be extremely harmful. Tangible costs range from stolen funds and damaged systems to regulatory fines, legal damages, and financial compensation for injured parties. However, what might hurt even more are the intangible costs - such as loss of competitive advantage due to stolen intellectual property, loss of customer or business partner trust, loss of integrity due to compromised digital assets, and overall damage to an organisation’s reputation and brand - all of which can send an organisation’s share price plummeting, and in extreme cases can even drive a company out of business.
Many organisations invest in advanced software and hardware solutions as a means of prevention and detection. However, the cyber-attackers are often one step ahead, meaning that cyber-attacks are still likely to occur. It also means that effectively responding to attacks is a notable challenge for organisations at all maturity levels of information security.
Being resilient to cyber-risks starts with awareness at the board and C-suite level; a recognition that at some point your organisation will be attacked. But the good news is that cyber-threats are a manageable problem - by understanding the biggest threats, which assets are at greatest risk and coming up with a well-balanced cyber-defense strategy that is secure, vigilant, and resilient.
Often organisations are scared into aiming for perfectionism in all these aspects - something that would be nearly impossible and potentially not very cost efficient. The key to a well-balanced strategy is to make informed and prioritised choices and investments, to ensure the best possible defence for investments are made.
You can find more information about managing cyber-risks in our Global Cyber Security Briefing
What if your organisation is under attack?
Upon discovery of a breach, an organisation is immediately put under heavy time and resource pressure. Whilst technical teams are stretched to the limit going through vast and complex IT landscapes to identify and isolate the breach, management will want guidance on the severity of the attack and what areas of the business that are under attack. Management will also want to know how to effectively contain the situation, how to communicate consistently to staff, shareholders, the press and potentially regulators.
Once under attack, slow or incorrect responses to a cyber-attacks could lead to various outcomes such as: loss of share value, reputational damage, loss of clients and potential litigation costs – or even further attacks.
And to further add insult to injury, while the systems may be running at a lower capacity due to the attack, further strain may be put on the systems with a potential barrage of queries targeting front line customer support, account management and public relations. Externally facing systems such as phone lines and websites may also face critical capacity. Management and IT will want to get the systems back up and running again at full capacity and as quickly as possible so that the organisation can resume business as usual.
Once the immediate state of crisis is over and the incident is considered contained, management and stakeholders will legitimately want to know:
- How did this happen?
- For how long has it been going on?
- Has it happened before?
- How do we prevent it from happening tomorrow?
Legal teams working for the victim organisation will require forensic technology reports outlining details about the affected systems and the compromises caused by the attack. Very few organisations have internal capabilities to conduct the analysis and to deliver reports to the required standards. Getting this right the first time is critical to avoid potential further damage.
Help is on hand
Effective response to cyber-attacks requires flexibility and the ability to make decisions, often based on incomplete information, in order to control the incident and to manage the risk effectively. Our approach blends our deep technical skills, crisis management expertise and business intelligence to deliver a complete service to organisations when they need it the most.
Using our technical and field experience we can help organisations minimise the time and resources needed to locate valuable digital evidence. Our crisis management team can work with organisations to quickly define roles and responsibilities in order to design response workflows and strategies. Our deep understanding of an organisation’s risks and operations can help ensure that response strategies are appropriate for individual organisation’s needs.