Cyber Security
Cyber preparedness building blocks
An ignition guide to cyber drills for better incident response “Remember when the disaster strikes, the time to prepare has passed” - Steven Cyros
By Annu Singh
E
very day newspapers and news websites are rife with stories of cyberattacks on large organisations causing financial and market reputation losses (Bangladesh Bank) to businesses, forcing near shutdown in some cases (Norsk Hydro, Target), data theft of customers in others (Toyota, Standard Charter) and not to forget IP loss (Adobe fined $1Million) and regulator fines. As I write this, the latest in a long list of victims is German pharmaceutical and chemical giant Bayer, who was recently subjected to a sustained cyber-attack that allegedly originated from the Chinese Winnti hacking group. The news comes two years after Merck & Co was hit by WannaCry ransomware, a cyber-attack that the pharmaceutical company said had cost it around $135m in lost revenue, due to production shutdowns and lost sales, and they spent around $175m in remediation costs. The pace of cyberattacks is relentless and organisations invest serious sums of money to fortify their cyber defenses. The focus can no longer be limited to preventing the attack, organisations also need to know what to do when a
16 | Australian Cyber Security Magazine
breach happens. This is where a well-designed and tested incident response (IR) plan comes to play. According to a UK Government Study 58% of executive boards view cyber risks as a top business concern. 68% of boards have not received any training on how to respond to a cyber incident and 10% have no cyber incident response plan.
Defining Cyber Security Incidents and Incident Response Plans Cyber security incident is a broad term that describes any threat that may compromise the confidentiality, integrity and availability of an Organisation’s information. A threat could be internal, like policy violations or external like a cyberattack, encompassing network based or a web application or perimeter breach. Malwares, ransomware phishing, cyberjacking, DDOS can all be used for cyberattacks. An Incident Response (IR) plan addresses how an organisation’s resources will be mobilised to respond to minimise damage, increase external stakeholders’ confidence and reduce recovery time and cost when the cyber security incident occurs. Critical Incident response management is now a requirement to comply with both GDPR & NIS regulations. NIS requires organisations to