After a year of accelerated digital transformation and increased cyber-attacks, it’s time for organisations to plan their Cyber Security Strategy and Roadmap for 2021 with critical security lessons in mind.
This year has seen accelerated digital transformation of businesses, in particular retail, education and healthcare. With the rapid unplanned shift to digital channels and changes in consumer and business behaviour, a cyber criminal’s playground has just expanded.
2020 cyber attacks
Example types of 2020 cyber-attacks include:
- Phishing: remote working staff have been even more susceptible to phishing attacks, according to Ireland’s National Cyber Security Centre, with cyber criminals quickly capitalising on the human fear element surrounding Covid-19 and singling out business services that are currently under stress;
- Ransomware: attacks became more common. The UK’s National Cyber Security Centre reported handling three times as many ransomware incidents as in 2019, with attackers threatening to do more than just lock down systems and to embarrass victims by disclosing sensitive details if they don’t make payment; and
- Credential Abuse: according to Akamai, credential stuffing spiked during September, with cyber criminals targeting the application programming interfaces an organisation provides about its customers’ accounts and payment transactions to obtain usernames and password lists.
Current cyber security challenges
Digital transformation changes an organisation’s cyber security threat and risk landscape. Current cyber security challenges faced by organisations include:
- Critical information assets (e.g. bulk sensitive personal data or a public-facing website) that could be targets of attack are not prioritised for investment
- The motivations of cyber criminals and the types of cyber threats are not fully understood
- Incident response teams take too long to reconstruct cyber-attacks and take action to stop them
Regardless of the type of nefarious activity an organisation may face, if a cyber threat materialises, a security incident can have a significant impact on an organisation in terms of cost, productivity and reputation. Being adequately prepared to detect and quickly respond to the changing nature of incidents will help to stop an attacker from inflicting further damage.
With the new year approaching, it’s time to plan your Cyber Security Strategy with these critical security challenges in mind. The strategy should ensure alignment between threat intelligence activities and business risks. Key activities will need to cover:
- Identify critical information assets which are essential to business operations, including underlying infrastructure.
- Collect information on adversaries’ motivations and intentions. What type of attacker may target your most valuable information assets? Whilst most of the bad guys want to make money, whether stealing personal data, bringing down a website or shutting down critical services, their intentions will vary.
- Develop knowledge of cyber criminals’ tactics, which include malware and tools for sale, the sale of personal data and exchanges of new exploits.
- Evaluate current effectiveness of systems security, including policies, processes, security training and staff capabilities to monitor, detect, analyse and respond to cyber-attacks. The largest gaps in defences to protect critical information assets should be prioritised in the roadmap for improvement.
- Prepare a strategic cyber security roadmap which outlines each recommendation, detailing:
  - the effects of losing or impairing the asset in costs, revenue losses, fines, reputational damage
  - likely adversaries who have attacked similar organisations
  - current deficiencies in defence layers
  - associated technical and business risks
  - amount to be invested and its associated benefits
Test response plan
Cyber-attacks can impact an organisation of any size, and will often occur at a time that catches everyone off guard. Under pressure, an individual’s decision making can become clouded. Scheduling a tabletop exercise with senior management and key operational staff to understand the realities of how a cyber incident would impact an organisation is critical. It will ensure everyone has a clear understanding of their role in responding to a cyber-attack and the organisational response, especially Board members who would likely be representing the organisation in the media.