{"id":22451,"date":"2021-06-25T17:35:46","date_gmt":"2021-06-25T17:35:46","guid":{"rendered":"https:\/\/cyberleadershipinstitute.com\/?p=22451"},"modified":"2023-12-11T08:34:43","modified_gmt":"2023-12-11T08:34:43","slug":"want-to-improve-your-cyber-crisis-response-think-beyond-technology","status":"publish","type":"post","link":"https:\/\/cyberleadershipinstitute.com\/want-to-improve-your-cyber-crisis-response-think-beyond-technology\/","title":{"rendered":"Want to Improve Your Cyber Crisis Response? Think Beyond Technology."},"content":{"rendered":"

\"\"<\/span><\/p>\n

RISING NEED FOR STRONGER CYBER RESPONSE<\/span><\/strong><\/p>\n

No matter how big or small, every enterprise faces the daunting task of defending itself against increasingly brazen, well-funded, and capable cyber threat actors. The difficulty of the position most enterprises are in should not be underestimated. Enterprises cannot afford to delude themselves about the current situation \u2014 protecting against the soaring threat of cybercrime has never been more critical. Discounting cybercrime is not just negligent; it\u2019s dangerous.<\/span><\/span><\/p>\n

If the past few years have confirmed anything, it is this: there is no escaping the risk of cybercrime. There is no shortage of high-profile examples. Recently, Colonial Pipeline Company<\/a> \u2014 which carries about 45% of the US East Coast\u2019s supply of diesel, petrol, and jet fuel \u2014 was forced to pay nearly $5 million in ransom after hackers unleashed a strain of ransomware that debilitated its computer network. The high-stakes hack sent shivers down the spine of many nations, businesses, and civilians.<\/span><\/span><\/p>\n

Leading CISOs have long acknowledged that debilitating cyber attacks are inevitable and applied a balanced approach to cybersecurity, carefully investing in defensive and rapid response capabilities. In this blog, we outline detailed cyber incident response measures to prepare you for the inevitable.<\/span><\/span><\/p>\n

CURRENT BUSINESS CHALLENGES<\/strong><\/span><\/span><\/p>\n

If there is one thing that frustrates CISO efforts to fortify cyber response measures, it is this: executives who constantly discount inevitable cyber threats, treat cybersecurity as a necessary evil, and barely show up at cyber crisis response exercises. This leads to squabbles, miscommunication, and abdication of leadership responsibilities during an actual incident. Consequently, brand equity suffers lasting damage, and the CISO loses credibility. In our experience and in interviews with peers, a further three significant challenges commonly hinder cyber incident response and its management:<\/span><\/span><\/p>\n

    \n
  1. As threat actors sharpen their weapons, it\u2019s increasingly hard to detect highly evasive malicious programs that sneak through aged perimeter defences and sit on crown-jewel systems for extended periods. While CISOs struggle to get budgets approved, threat actors are reinvesting billions from their illicit activities. Unsurprisingly, a report by IBM found<\/a> that the average time to detect and contain a data breach is 280 days.<\/span><\/span><\/li>\n
  2. Building cybersecurity monitoring and response capabilities in-house instead of outsourcing them to organizations equipped to deliver advanced monitoring at scale. This is often a terrible miscalculation by small to medium-sized corporations that lack the financial and human resources to rapidly build a world-class security operations centre.<\/span><\/span><\/li>\n
  3. Poor visibility into one\u2019s digital ecosystem. Logs from critical systems, such as authentication systems or software-as-a-service platforms, are often overlooked. Security monitoring projects are often signed off prematurely, before integration with some critical infrastructure is complete, or new systems are deployed and never configured to ship logs to the SOC. This leaves critical blind spots across the digital ecosystem, and an intruder on an unmonitored system is, for practical purposes, invisible.<\/span><\/span><\/li>\n<\/ol>\n
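The third challenge, systems that exist in the inventory but never reach the SOC, is something a SOC can measure rather than discover during an incident. The following is an added example, not code from the original post: it compares a constructed asset inventory (the systems the SOC believes it should receive logs from, grouped by class and tier) against a constructed summary of the latest event the SIEM has seen per log source, and reports every asset that was never onboarded or whose feed has gone silent for longer than its class tolerates. The asset names, the class tolerances, and the two data sets are hypothetical; in practice the inventory comes from the CMDB or cloud tenant and the last-seen table from the SIEM.

```python
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: what the SOC believes it should be receiving logs from.
# In practice this comes from the CMDB or cloud inventory; names here are hypothetical.
INVENTORY = [
    {'asset': 'dc01.corp.example', 'class': 'authentication', 'tier': 'crown-jewel'},
    {'asset': 'adfs01.corp.example', 'class': 'authentication', 'tier': 'crown-jewel'},
    {'asset': 'okta-tenant', 'class': 'saas-identity', 'tier': 'crown-jewel'},
    {'asset': 'm365-tenant', 'class': 'saas-collaboration', 'tier': 'crown-jewel'},
    {'asset': 'erp-app01.corp.example', 'class': 'application', 'tier': 'crown-jewel'},
    {'asset': 'web-fw01.corp.example', 'class': 'perimeter', 'tier': 'standard'},
    {'asset': 'kiosk07.corp.example', 'class': 'workstation', 'tier': 'standard'},
]

# Constructed SIEM log-source summary: latest event timestamp seen per source.
# Sources that were never onboarded simply do not appear here.
LAST_EVENT_SEEN = {
    'dc01.corp.example': '2021-06-25T17:10:00Z',
    'okta-tenant': '2021-06-25T16:58:00Z',
    'erp-app01.corp.example': '2021-06-21T03:12:00Z',   # stale: agent stopped days ago
    'web-fw01.corp.example': '2021-06-25T17:30:00Z',
    'kiosk07.corp.example': '2021-06-25T12:00:00Z',
}

# Hypothetical per-class silence tolerance. Identity and perimeter sources are
# busy by nature, so a quiet feed there is a broken feed, not a quiet network.
MAX_SILENCE = {
    'authentication': timedelta(minutes=30),
    'saas-identity': timedelta(hours=1),
    'saas-collaboration': timedelta(hours=6),
    'application': timedelta(hours=24),
    'perimeter': timedelta(minutes=30),
    'workstation': timedelta(hours=48),
}

def parse_ts(value):
    # SIEM exports here are ISO 8601 in UTC with a trailing Z.
    return datetime.strptime(value, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)

def find_coverage_gaps(inventory, last_seen, now):
    # Return inventory assets that have no log feed (never onboarded) or a feed
    # that has been silent longer than its class tolerates, with the reason.
    gaps = []
    for item in inventory:
        name, cls = item['asset'], item['class']
        limit = MAX_SILENCE.get(cls, timedelta(hours=24))
        if name not in last_seen:
            gaps.append({'asset': name, 'tier': item['tier'], 'reason': 'never onboarded'})
            continue
        age = now - parse_ts(last_seen[name])
        if age > limit:
            gaps.append({'asset': name, 'tier': item['tier'],
                         'reason': 'silent for %s (limit %s)' % (age, limit)})
    # Crown-jewel gaps first: those are the blind spots an intruder can exploit longest.
    gaps.sort(key=lambda g: (g['tier'] != 'crown-jewel', g['asset']))
    return gaps

def crown_jewel_gaps(gaps):
    return [g for g in gaps if g['tier'] == 'crown-jewel']

if __name__ == '__main__':
    now = parse_ts('2021-06-25T17:35:00Z')
    for gap in find_coverage_gaps(INVENTORY, LAST_EVENT_SEEN, now):
        print('%-12s %-26s %s' % (gap['tier'], gap['asset'], gap['reason']))
```

Run against the constructed data, the check flags two crown-jewel sources that were never onboarded (the second federation server and the collaboration tenant) and one whose agent stopped reporting days earlier, while the noisy domain controller and firewall pass. The point of the per-class tolerance is that "no events" from an identity provider is itself a finding; a single global threshold hides exactly the feeds that matter most.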

    ACTION PLAN<\/strong><\/span><\/span><\/p>\n

    Leading CISOs strike the right balance between investing in defensive and response capabilities by carefully crafting a detailed plan that covers cyber incident prevention, identification, assessment, and containment. To do this, the CISO must assemble a multi-disciplinary Cyber Incident Response Team (CIRT), led by a Cyber Incident Response Manager with sufficient authority to invoke appropriate mitigations without delay in the event of a cybersecurity incident. The CIRT assesses, contains, and responds to cyber incidents above a defined severity threshold.<\/span><\/span><\/p>\n

    The CIRT is also tasked with evaluating the severity of the incident, business impacts, legal ramifications, reporting obligations, and taking drastic actions such as disconnecting critical systems from the network.<\/span><\/span><\/p>\n

    While the CISO remains an integral part of a cyber crisis response team, high-stakes cyber crises must be led by a very senior business officer. Ideally, the Chief Executive Officer (CEO) should assume this vital role. However, it can be any other senior business officer with the authority to make big decisions, such as the CEO\u2019s chief of staff, an experienced public relations hand, or an assistant general counsel.<\/span><\/span><\/p>\n

    CYBER INCIDENT PREVENTION<\/strong><\/span><\/span><\/p>\n

    The CISO must conduct a detailed assessment of the environment to ensure adequate controls are in place to prevent high-impact incidents from occurring. The CISO\u2019s primary responsibility is to reduce the enterprise\u2019s exposure to high-impact and highly plausible cyber attack scenarios. First and foremost, doing this requires fortifying the enterprise\u2019s defences to reduce the probability of threat actors reaching crown jewels. Here are our top 8 recommendations:<\/span><\/span><\/p>\n

    CRITICAL PREVENTIVE CONTROLS<\/strong><\/span><\/span><\/p>\n