In this blog post, we will explore some of the best practices in prevention and recovery using our experience working with our clients and helping them deal with real life situations.
We are all aware of the rise in cyber-attacks across the globe and Australia has been no exception. In Australia data breach notifications are tracked by the Office of the Australian Information Commissioner which reports every 6 months.
What these statistics show clearly is the continuing rise in threats to Australian businesses (remembering not all organisations have to report so the real figures are likely to be much higher).
So, how can organisations prepare for this rapidly changing landscape? We think of this in 2 focus areas; what to do before a breach (cyber resilience) and of course, what to do if you’ve experienced a breach (cyber recovery).
Before you can build an effective cyber plan, you need to understand the threat landscape as it relates to your organisation. This process helps to understand where the threats are likely to come from: A hotel has a significantly higher threat of physical breach compared to a typical office environment, whilst a company dealing with sensitive information has a higher risk of employee mishandling of data.
You also need to think about your infrastructure, do you have workloads in a private cloud facility, in public cloud (Azure, AWS), in edge locations including offices? It is important to be able to provide a consistent security and governance approach across your entire environment.
Many customers have unclear accountabilities between their Technology providers and their own IT teams. As part of the initial review, it is important to be able to identify all IT systems and understand who is responsible for management, maintenance, and security.
When we are working with clients on their cyber strategy, we find there has typically been a lot of focus on resilience (prevention) but often less focus on what they will do if (when) an attack happens (recovery). From our experience, there are 3 key steps to any cyber incident response.
It may sound obvious but first you must know an attack took place. Speed matters and we recommend having a managed detection and response (MDR) system in place that is monitoring your environment in real-time. Modern border systems are highly capable platforms for detection; these need to be supplemented with telemetry from cloud, network, and endpoints. Tools such as VMware Carbon Black give data beyond the native logging of the device, extending into AV and device compliance both on and off the network.
As soon as an attack or breach has been confirmed, you need to quickly lock down the environment and trigger your crisis management plan. Responses need to be variable based on the detected attack vector, and tied to infrastructure management for an appropriate, automatic response. Having a plan to respond is the first step in automating that response via a comprehensive MDR system.
Now, the recovery process starts, typically working with an external specialist partner to investigate the compromise and look at options. Depending on the breach, this may include patching, restoration from backups or changes to the environment to prevent reoccurrence. In turn, this opens works that go back to the resilience side of the cyber plan – ensure that backups cannot be compromised, patch management cycles, having a tested response plan, and talking through the accountable stakeholders.
As attacks have become better at moving through an organisation’s IT infrastructure, the risk of infection of backups has grown exponentially. This has led to a focus on providing an “air-gap” between an organisation’s production IT environment and all backup sources so that all back-up data is never accessible from production.
We recommend clients run simulations that allow them to test their cyber recovery plans, including crisis management, communication, decision criteria on shutting down systems vs business disruption, board engagement. This testing is a key step in being able to handle a real crisis effectively.
We have seen a significant rise in the number of customers taking out cyber insurance and estimate 70-80% of our clients are now protected with cyber insurance. The cyber insurance market has evolved over the last 12 months as ransomware attacks in particular have become more prevalent. This has resulted in a shift in both the price of premiums and the amount of cover provided (our rough analysis is premiums have doubled and cover has halved over the last 12 months).
Despite this, it is something we recommend to most of our clients, noting that needs do vary depending on the size of organisation, industry, and nature of business and therefore risk profile. In particular, we are finding the minimum standards for cover to be provided are increasing. These can include deploying multifactor authentication for applications and network access throughout the organisation, having a SIEM (security information and event management) system and proof of adherence to the Essential 8 Strategies to mitigate cyber security published by the Australian Cyber Security Centre.
Delivering a robust cyber security environment is a significant undertaking for any organisation and requires working closely with a partner that understands the security landscape and the specific needs and threats that face your organisation.
When planning your cyber security posture, it’s not enough to rely on either resilience or recovery – organisations need to be prepared with both.
At Tecala we have worked with organisations of different sizes and in different industries and can guide you through an approach that looks at your cyber resilience and cyber recovery readiness. We have a wide range of cyber services including Managed Security Services, which is a popular option for many clients looking to leverage external expertise as part of their overall cyber readiness.
Our assessment follows 3 Steps:
In this blog post we will cover some of the key trends that are impacting how networks are evolving, and how organisations can take advantage of these shifts to deliver more robust, more secure, and more flexible services to their customers and employees.
We are now living in a world where expectations about work have shifted. Where we can think about creating more fulfilling and flexible workplaces and embrace a world where talent can live anywhere.
