The repercussions of a cyber event will create a serious problem for your oganisation long after the initial threat has been discovered and neutralised.
The bad guys are after everything that they can get their hands on that is not theirs. They are also targeting anything and everything that has a link to the digital world.
What does not appear in the glossy brochures relating to the next shiny new product is the vulnerabilities that come pre-configured in these new systems.
I am not being nasty, but the pressures to get things to market are enormous and the first thing that is left in the background is security.
To get systems to market they will cut corners, use insecure code or even “borrow” code from other devices bringing their inherent vulnerabilities to their new product.
The wannacry and petya attacks were both perpetrated against a vulnerability that was patched recently but also has been available in most Microsoft operating systems since Windows XP.
The subsystem targeted allows one computer to communicate with another to share files. There have been a number of vulnerabilities found that have this profile in every operating system.
But what happens if you have succumbed to a cyber event? How do you improve your Business Security?
There are a number of areas you now have to worry about.
- The most pressing is the immediate threat.
- Have they encrypted your files and if so do you have a backup?
- Has that backup been tested?
- If you have a back up how will you restore your information and systems?
- If you have cleaned the system are you sure you have everything?
- What else has been stolen/accessed?
- Never ever EVER pay the ransom! You are dealing with criminals and they cannot be trusted. If you pay there is no guarantee that you will get your data back
- I recommend that you start from scratch, but that’s just me.
Short term tactics:
- Has the event been disclosed,
- Are you required to tell your clients, staff, customers
- Has the disclosure had any effect on reputation, on your finances, on your customers, clients and staff. If so what will you now do?
- I recommend that you do a number of things,
- change passwords,
- monitor credit card, and bank accounts.
- Something that is very important – tell people.
Long term Strategies:
- Not a person for stats but 60% of SME who have a cyber event will shut their doors within 3 months, a further 50% will shut after 12 months and/or they will be a shadow of what they originally were. (Victimless crime – my arse)
- Check your Personal Reputation – use google alerts on your name, business name, trade marks.
- Do a credit check – in some areas you can lock your credit rating, do it!
- Get someone else to check chat rooms, information for sale and the dark web.
Using Business Security to avoid a cyber event in the first place? Avoidance is hard, preparation is easy.
- Have a decent and tested backup of all critical data.
- encrypt critical data both at rest and in motion
- use complex, long and unique passwords,
- PATCH IT ALL,
- penetration testing with minimal restrictions
- Get paranoid, be aware and use common sense.
- Implement a framework (we use NIST),
It is not all doom and gloom, but I can tell you from experience, in the midst of a cyber event, it feels like it.
The best way to counteract a cyber event is to expect to be compromised.