Preparation and speedy response key to cyber protection, experts say
Specialists agree each breach is unique, but every business should prepare an emergency plan.
The fundamentals of preparation and speed of response remain key to cyber security despite heightened concerns in the wake of the Optus hack, say security specialists.
Martin Zugec, technical solutions director at cyber security company Bitdefender, and Jonathon Englert, founder of cyber security response firm RedPhone Cyber, stressed that best practice remained unchanged.
Mr Zugec said businesses should stick to what they were doing in terms of security, with the speed of response still key.
“The best practices and recommendations are really the same as before — the best protection against modern attacks is to implement the defence-in-depth architecture,” he said. “Start with reducing the attack surface, combined with automated prevention controls to prevent most of the security incidents.”
“Threat actors are relying on slow adoption of detection and response capabilities, especially by small and mid-sized companies.”
Defence-in-depth security architecture is based on layered controls designed to protect the physical, technical and administrative aspects of a business's network, and includes elements such as network security controls, antivirus software, data integrity analysis and behavioural analysis.
Mr Zugec said a data breach is similar to any other type of incident in that preparation before the event, so the business knows how to react, is key.
“Preparation and practice is critical. A security incident is not necessarily a disaster, and contrary to popular belief, security breaches (with confirmed disclosure, not just potential exposure) are preventable,” he said.
“Each breach and response to it is unique, and it is important to prepare the emergency plan before the incident happens instead of improvising.”
“If you don’t have an emergency plan ready and you discover a security breach, the best approach is to contact a trustworthy third-party to help with mitigation.”
Mr Englert said managing an incident and the response to a breach needed to be planned and not extemporised.
“From a non-technical perspective, I would say post-breach take a deep breath and don’t rush into the wrong response,” he said.
“One key thing to remember is that you probably don’t know the full scope of the incident yet (for example, the number of records taken).
“For this reason, communicating honestly but with a measured approach that takes this into account while also understanding that you don’t want to unduly alarm stakeholders.”
Mr Zugec said all businesses would have to contend with cyber attacks in the future.
“Over the last few years, we have seen an increase in hybrid attacks — this is a combination of an opportunistic attack where the initial breach is fully automated with then a transition to hands-on hacking for later stages of the attack,” said Mr Zugec.
“All companies are potentially interesting to threat actors — very often, you are not an interesting target because of what you have (data that can be encrypted or exfiltrated), but for the connections that you have.”
“Threat actors are looking for ways to upscale an attack ... for example if you are a contractor or part of the supply chain of a larger organisation, this can lead to a compromise of your business partners.”
As individuals become increasingly concerned regarding personal data being stolen from companies, Mr Englert said reassuring clients and stakeholders of their data security required confidence in the firm’s data protection policy.
“Clear, confident and genuine communication is necessary and it should be backed by a sound data security policy,” said Mr Englert. “One key is to emphasise cyber realism — breaches are common and they happen to organisations that are going beyond best practice to protect themselves and their stakeholders.”
“In my experience, the vast majority of people accept that there is no certainty in a digital age and most will accept you are doing the best you can.”
“And a key element is ensuring that if you do have a general data breach, you never unevenly notify stakeholders.”