Your Network Goes Dark. What Should You Do?
Kyung Kim, Head of Cybersecurity for FTI Consulting’s APAC region, looks at the three steps you can take today to reduce the chances of the unthinkable: a paralyzed network and an IT team that can’t be reached.
Companies around the world have seen their workforces relocate en masse from office spaces to home. With this decentralized workforce comes a vast set of new concerns for IT departments. They’re tasked with maintaining the integrity of internal networks and firewalls while a surge of remote employees attempt to log in from afar.
But there’s another tech scenario that sends a shiver down the spine of every company, from the smallest start-up to the biggest multinational: The network stops responding and the IT team, arguably the most critical of all departments in a moment like this, is inaccessible. Suddenly, employees are left adrift, unable to do their jobs. Customers are lost. Profits evaporate. Soon, the company is on the verge of going belly up.
That scenario may be an exaggeration. But the consequences of a paralyzed network and an unreachable IT department are why all companies need to have the infrastructure in place so that if the unthinkable does occur, remedial action can begin immediately. The key is to be proactive so you are in the best position to be reactive.
Here are three actions companies can take to be prepared:
Have a “Team B” ready to go.
In 2019, more than 200,000 organizations reported being hacked in a ransomware attack, a 41 percent increase over the previous year. Ransomware attacks are designed to hold a company’s network hostage with a demand for payment to release it. While it might be unusual for hackers to target the IT department itself, it’s always best to have protocols in place for a rapid response to an attack, including a backup IT team you can reach. This could be people who have been selected in-house, or it can be an outside cybersecurity firm (or a combination).
Identify the culprit and upgrade the network.
An unresponsive network sometimes results from a technical issue such as hardware failure or a problem at the ISP. However, these are highly unusual. If a ransomware attack does occur, or any other cyber attack for that matter, firms should follow a strict set of protocols: Preserve evidence, conduct a forensic investigation, and identify and contain the bad actors. Following these protocols during the first 72 hours after a cyber incident is critical.
Once malware is contained and the network is restored, IT needs to go back to the drawing board and update and upgrade its operations. They need to make sure their vulnerabilities are mitigated, which can be done through penetration testing, and they need to update their protocols and company policies to reflect their findings.
Train employees to be proactive.
A firm’s cybersecurity is only as strong as its weakest link. That means that employees, the most important and most valuable asset companies have, must be as hypervigilant about protecting their digital identities as IT — even if a company employs an endpoint detection and response (EDR) solution.
Fortunately, the home office is a zone that employees can control and prepare to combat cyber threats. Standard steps include creating and updating passwords for Wi-Fi routers and computers regularly; utilizing multifactor authentication (MFA) across personal devices; and using company-approved virtual private networks (VPNs) for internal communications. Encrypted email solutions are also recommended.
A decentralized workforce has placed an added strain on IT teams everywhere. By having a firm set of protocols in place, companies can mitigate the potentially painful consequences of disruption and give the full enterprise a greater sense of security.
© Copyright 2020. The views expressed herein are those of the author and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals.