The potential threat posed by cyber-crime is, by now, pretty well understood. What’s less well understood is how to put a strategy in place that is robust and flexible enough to cope with a constantly changing threat landscape and, even more critical, will help the company to recover from a cyber-attack. In the end, cyber-security should be seen as part of the overall strategy to ensure business continuity through resilience.
Jeremy Capell, GM: advisory services at ContinuitySA, believes there are four key components to an effective cyber-security strategy: Implementation, assessment, monitoring and response. Most companies have long since recognised the need for the first two, and have assigned budget and resources to them. Far fewer even have the second two in their sights.
“Implementation covers the creation of security and governance policies along with technical activities such as the configuration of firewalls and so on,” he explains. “”Assessment looks at the standards that need to be complied with, such as ISO 27001, and includes technical activities like performing a vulnerability assessment and doing vulnerability testing, usually annually.”
“”All well and good, but these are essentially activities that take place at a certain point in time. If, for example, a new threat appears just after the annual vulnerability test, then the systems are effectively vulnerable until the next test,” he adds.
That’s why the third component, monitoring, is so critical. Gathering threat intelligence needs to be continuous. It would include observation of sites on the Dark Web where hackers boast about their exploits and even post hacked information, checking whether traffic from known bad hosts is directed at your sites and constantly monitoring the threat landscape.
The final component is response in the event of a breach. A suitable technical response is one requirement, but plans for an appropriate business response are also necessary. This would include crisis communications plans and protocols, and how to deal with breaches that affect regulatory or other compliance. How you respond to a cyber-security incident will greatly influence its long-term impact on the business.
Part of the response phase could include help and input from your insurance company. Specialist cyber-insurance is necessary, but most insurers offer various forms of help aimed at getting you operational again, in order to minimise claims.
“A related consideration is that, in my experience, companies have pockets of excellence. They might do some of the various elements well, but it’s extremely rare they can do everything. In order to create the holistic approach I have so briefly sketched here, the help of an independent, specialist consultancy makes good sense,” Capell concludes.