Is Cyber Resilience on Your Board’s Agenda?
August 26, 2024
While it is convenient to reduce a global IT incident to the mistake of a single vendor, the reality is usually not that simple or straightforward. The events of July 19, 2024 were not the work of a sophisticated cyber criminal group, but rather caused by a flawed update associated with a reputable company, which quickly took accountability and apologized for the incident.¹ Had a nefarious criminal group been behind the outage, some of the world’s largest companies would have potentially faced stolen sensitive data, hefty ransom demands, and public scrutiny. This incident highlights the tremendous downstream effects for organizations that relied on services provided by the impacted company.
As a result of the incident, Boards of Directors across the globe, impacted by the outage or not, are now considering whether their organization is prepared to handle an incident of this magnitude, and how to ensure that a future incident neither costs millions in time and lost revenue nor jeopardizes their reputation. This crisis revealed which organizations are ready to respond, have invested in the resiliency of their digital infrastructure, and have viable business continuity and incident response plans in place. Organizations that were not prepared now have the opportunity to treat this incident as a warning and use the lessons learned to bolster their cybersecurity resilience and mitigate the impact of future large-scale incidents.
Keeping Pace with Modern Security
Cybersecurity firms are innovative and sophisticated; they were created to fix the problems of the present with the future in mind. They must stay one step ahead of motivated cyber criminal groups leveraging stellar technical acumen, unrivalled agility, and growing resources.
Cybersecurity firms must also be fast and nimble to anticipate the next iteration of cyber criminal tactics. However, this becomes challenging when supporting organizations utilizing fragmented and legacy technology infrastructures, which at times are not equipped to handle ever-evolving cybersecurity needs. Legacy technology can be one of the most ominous, yet silent, risks for an organization.
It is no longer an option for organizations to operate under the mindset of “Why fix it if it is not broken?” in regard to the resilience of their digital infrastructure. Resilience means taking a proactive approach to cybersecurity and incident response to mitigate impacts and reduce downtime, rather than waiting for an incident to occur. Organizations should use this global incident as a lesson on the importance of resilience, emphasizing that a “wait and see” approach creates more damaging and longer-lasting impacts.
Preparing for the Worst, Hoping for the Best
The ever-increasing digital interdependence of today’s world is both an asset and a liability, and our economic success and stability rely on a digital infrastructure that is only as strong as our weakest link. This interdependence has highlighted the need for an immediate paradigm shift: resiliency must be a priority, and it is demanded and expected by stakeholders.
Organizations can prioritize resilience through:
Incident Response and Business Continuity Plans: Incident response and business continuity plans are essential during a cybersecurity incident. These plans should comprehensively define the roles and responsibilities of all critical stakeholders, including relevant third parties, and outline how operations will continue in the event that systems cannot be accessed. Plans should mirror today’s operating context while acknowledging considerations that will be relevant in the future, such as emerging technology like artificial intelligence.
Table-top Exercises: Cybersecurity incident response simulations and table-top exercises help ensure relevant stakeholders understand the specifics of an organization’s incident response and business continuity plans and are prepared to play their role in responding to a cybersecurity incident. Involving the executive team in addition to IT and operational teams in these exercises is crucial for the success of an organization facing an incident. Response plans can also be tested through these exercises by including more technical measures, like simulating a cyber incident and evaluating how systems and teams respond.
Crisis Management: The executive leadership team will ultimately face the brunt of responsibility for a cybersecurity incident and be held accountable for the speed at which their technology and operations teams can resume business operations. Involving leaders in the organization’s proactive cyber incident response measures and efforts, not just large-scale events or crises, will prepare them for this role. Cyber resilience cannot be attributed to just one function or team; it must start with a commitment from leadership to the company’s employees, shareholders, clients, vendors, and even country in our digitally interdependent world.
With heightened focus from consumers, stakeholders, and regulators regarding organizations’ cybersecurity programs and capabilities, prioritizing cyber resilience is essential. Recent incidents have demonstrated the stark difference between prepared organizations, capable of weathering the storm, and those that are left scrambling to determine a solution. Beyond mitigating cyber risks and limiting impacts, cyber resilience becomes a value-add and market differentiator through a demonstrated ability to proactively respond to and recover from cyber incidents.
Footnotes:
1: “CrowdStrike CEO apologizes for tech outage, says systems should be recovering - NBC,” Reuters (July 19, 2024).