The recent confrontation between the U.S. and Iran raised concerns that organizations may become collateral damage in the event of a “cyber war” between the two nations. Cyber warfare is no longer theoretical. Texas Gov. Greg Abbott recently noted that the Texas Department of Information Resources had seen a spike in attempted cyberattacks from Iran on state agency networks at the rate of about 10,000 per minute over the previous 48 hours (Fort Worth Star Telegram, 1/7/2020).
In the course of just a few weeks we have witnessed: increased IT threats from cyber threats, potential loss/reduction of workforce and associated life safety issues due to pandemic threat, financial risks associated with both, life safety concerns from recent active shooters incidents, and more. Is your organization prepared to effectively address threats from multiple fronts?
Don’t let the pandemic threat impact your cyber threat or breach vigilance and response. With the potential impact of a reduction in your IT workforce, what are your plans to remain vigilant and responsive to cyber threats? A good information foundation and response plan supported by technology will put you in a better position.
Cyber is a risk for any organization. You need a solid cybersecurity program and action plan to ensure good decisions when an incident occurs. Effective response, successful recovery and complete remediation are dependent on timely decisions based on accurate, current data. Preparation and information availability will ensure the right decisions from the right people at the right time.
If your organization is breached, you need to act swiftly, no matter the current risk landscape. Consider:
Cyber threats present a unique type of risk for all organizations. The threat is constant, making the likelihood of occurrence extremely high, unlike the relatively low potential of most risks. Due to the sheer magnitude and ever-changing nature of cyber threats, it is not a matter of “whether” an organization will be impacted, it is a matter of “when.” Very few are fully prepared to respond to an incident at an enterprise or organizational level.
Response to a major cyber incident requires not only current, effective, IT-focused cyber plans, but also participation from all lines of business and operational support areas to ensure a successful integrated, orchestrated response. The increasing velocity of today’s threats heightens the need for a robust response strategy.
Listed below are some actions for consideration to improve your cyber risk preparedness:
Much like protection from kinetic (or physical) terrorist attacks, organizations must be right every time to successfully defend against all cyberattacks. The bad actors only have to be right once to inflict severe damage on an organization. Without documented and integrated response plans and a formalized incident response strategy, the damage realized from a cyberattack may be irreparable.
While much has been written concerning hardening against cyber threats, now is the time for a prudent review of your cyber risk, your defenses against cyber threats, and your documented remediation actions in your cyber incident response plan.