Are you scared of cybercrime?
IAM. Both as an individual (with a bank account and a credit card) and a management member in two companies.
I am aware that I am not alone. There is plenty information in the news that a lot of people are not only scared, many businesses and individuals have already been attacked and lost money and essential data! And let’s be clear: there are more and more hackers around waiting to attack!
Why? What is happening to us?
BEFORE the pandemic we already shared personal data and privacy. However, the pandemic has changed the way we live, shop and pay. Because of the acceptance of digital transformation, we live with the fact that we must share personal and company information. The consequence: cybercriminals made and make a killing. No business is safe, and individuals have suffered equally.
When a malicious actor attacks an enterprise, IT and security must work together in order to respond —quickly and effectively.
But how does that work? It depends on the organizations, how the IT and security departments work together and how much planning has been done in advance.
Cyber security is one of the most difficult aspects of running a business. While no amount of advance planning can prevent every cyber- security incident, planning can help mitigate the results.
Instead of trying to figure out what role IT plays while a cyber- security incident is happening, running through potential scenarios or even a made-up attack in advance can ensure that security and IT are working in tune in case the worst happens.
Who does what during a cyber- security attack is determined by each organization individually. At smaller companies, IT and security teams might be close enough to share the same budget. In those situations, a smaller team can work together as one department because that’s essentially how they’ve functioned in the past. For bigger operations, a security team typically sets policy.
While the IT role depends on the enterprise, most likely the team will be responsible for the data backups—which hopefully exist.
While the incident response team is focused on the area that has been attacked, IT needs to start looking at backups immediately and confirm if they have them. IT also needs to locate offsite backups and confirm that they have also not been infected.
Tech leaders can then identify which portions of the network haven’t been attacked and assist with restoring data and/or rolling back activities to the last good state backup that you know is clean.
IT and cyber security may snip at each other during an attack. It’s a tense situation and the fallout could cost not just millions in losses, but a CIO and/ or CISO their jobs.
This should be treated like a corporate crisis by the entire enterprise and, depending on the size of the organization, that means the response should be part of overall crisis management coordination.
Instead of just letting the security team run with it, you need an overarching crisis management team that’s coordinating all the work streams.
Organizations should put in the time to create customized plans instead, outlining the roles of everyone, including IT and cyber security, and who is going to resolve disputes between the two.
The best way to cut down on both the timeline and cost of a cyber-security attack is to prepare before it even happens. See my last paragraph!
Instead of saying who will do what, tabletop exercises are recommended, so it’s not just talking about how they’re going to do it but also practicing that communication channel.
If an enterprise hasn’t done a tabletop exercise while employees are working remotely, it’s worth doing one while the work force is scattered, even if plans call for most people to be back in the office sometime this year.
A lot of time these incidents don’t happen between the hours of eight and five. They’re usually on a weekend. Most likely people are going to be communicated in that kind of (remote) way.
While I highlighted some ideas of how to react to the malicious work of hackers, the more important question is: how do we avoid cybercrime through cyber security preemptive measures? This is the focus of a webinar that is coming up later this month— on April 28 and 29 to be more specific. The facilitator is Geronimo Sy, a former assistant secretary of the Department of Justice. He shepherded the Data Privacy Act and the Cybercrime Prevention Act into law as part of his overall advocacy to protect online space for individuals and organizations. He is also a law professor and lecturer. In other words, if you are scared of cybercrime, like me, I highly recommend you attend this webinar. The investment in the paid webinar may be a small token if it prevents you or your organizations to be attacked.