Making your business resilient during and after cyberattacks
Published on 28/02/2022 in Tech, tips & tricks
Cybersecurity is taking a back seat to cyber resilience. Today, companies are proactively working to prevent threats and reduce their impact. Wouter Vandenbussche, Proximus Cybersecurity Product Owner, explains how organizations take this on.
The cybersecurity strategy path to change
The number of companies taking a more mature approach to cyber threat prevention and mitigation is growing. These days, organizations are more aware of the specific threats posed by cyberattacks. Instead of just looking at how to protect themselves, they need to know what must be done to get their business back on track as quickly as possible after something goes wrong. “Change is clearly happening, something we’ve noticed among our customers too,” says Wouter Vandenbussche, Proximus Cybersecurity Product Owner.
“Back in the day, companies were just happy to have an antivirus solution and a firewall in place. Fortunately, they now take a much more involved approach. They have a better idea of who to notify and contact when an incident occurs, and they know where their critical data and backups are, and whether they should issue a press release, etc.” Companies that aren’t that far along yet and want to bolster their cyber strategy should start by mapping their digital footprint. That means looking at things like company networks, servers, cloud storage, mobile devices, and social media.
A Cybersecurity Incident Response Team (CSIRT) is like a fire department; it’s available 24/7, and when a cyberthreat or incident occurs you can raise the alarm and ask the CSIRT to come and put out the fire.
“Businesses aren’t always 100% sure where their information is, who has access to it, what kind of data they have, or what certain devices and systems can do,” says Vandenbussche from experience. “So that’s the first thing we tackle with new customers. We map their digital environment, highlight their strengths, and make recommendations on what could be improved to boost their cyber resilience and reduce the risk of incidents. That process underscores what they can do to mitigate the impact of an attack, otherwise known as cyber resilience.”
Just because a company invested in cybersecurity three years ago doesn’t mean that it’s still secure today.
Wouter Vandenbussche, Proximus Cybersecurity Product Owner
Define a strategy
Then we define the company’s digital crown jewels and the critical points in the company’s digital landscape. For example, we look at how serious it would be if a certain application went offline, or if critical data or patents were stolen. The next step is to increase security for business-critical assets to isolate incidents as much as possible and reduce the likelihood of the entire company grinding to a halt.
Developing a strategy is essential to cyber resilience. That way, the company knows exactly what to do to mitigate the impact of a successful attack and ensure that the organization’s key processes and data remain available or are restored as quickly as possible.
Obviously, an organization also has to be capable of rapidly detecting incidents when they occur. That way the strategy can be put into action. This is security monitoring territory.
Prevention isn’t enough. Data monitoring is crucial for detecting anomalous behavior. Find out how on the “Digitalks” podcast, where we discuss it in detail.
The rise of smishing
Staying on top of cyber resistance and resilience is a never-ending cycle for businesses. It requires constant updates and adjustments. “We are constantly seeing hackers come up with new, ingenious attack methods,” says Vandenbussche. “There’s a huge surge in smishing right now, for instance, where hackers send misleading text or WhatsApp messages to gain information from or access to company systems.”
Annual cyber resilience and resistance audits
Hackers have access to the same technologies as companies, and they’re turning to artificial intelligence and machine learning to automate their attacks. “It’s an endless game of leapfrog, with hackers relentlessly testing new methods to achieve their nefarious goals and companies trying to maintain up-to-date security. That means that companies have to evolve and review their security measures at least once a year to enhance or expand where necessary. This includes testing their strategy, e.g., by conducting an annual disaster recovery exercise,” according to Vandenbussche.
“In some respects, you could compare it to fire insurance. That also requires a regular review of what is and isn’t covered and whether the coverage is still sufficient. Regular fire drills also need to be conducted, and the fire alarms have to be tested. Just because you invested in cybersecurity three years ago doesn’t mean that you’re safe indefinitely.”
Vandenbussche advises companies to get the most out of their security infrastructure: “Customers often purchase fantastic infrastructure but only use a fraction of its features. For example, multifactor authentication comes as standard with some firewalls, but more often than not the feature isn’t activated.”
Staying on top of cyber resilience is a never-ending cycle for businesses.
Wouter Vandenbussche, Proximus Cybersecurity Product Owner
Humans: the weakest link
Where cybersecurity is concerned, humans are frequently the weakest link. Careless employees clicking malicious links or responding to phishing messages often unintentionally give hackers access to data and systems. This requires both technological and human solutions: “From a technical perspective, security solutions should prevent the majority of malicious emails and links from ever reaching a company’s employees,” Vandenbussche says. “In addition, awareness-raising campaigns can also help. That could, for instance, mean staff cybersecurity training or simulated cyberattacks.”
Cybersecurity drills
A growing number of organizations are opting for cyberattack simulations to train their employees, test their digital threat strategy in real life, and enhance it where needed. “For example, a wave of fake emails could be sent out to all employees to see how they react, whether they do or don’t mindlessly click on them,” Vandenbussche explains.
“The results are shared with employees afterward, along with a series of tips and tricks such as how to distinguish fake from real messages and avoid clicking malicious links.” But it could also be more ambitious, e.g., not informing company personnel before conducting a DDoS or ransomware attack simulation. “This allows you to find out how everyone — individually and as a team — responds, and whether the cyber incident strategy is being consistently followed, etc. As with company fire drills, it’s a good idea to do this annually for security.”
Proximus applies these tactics in house and also offers them to customers. “Those practical training exercises keep everyone in the company on their toes,” Vandenbussche concludes. “This kind of stress test reveals what could be done even better at the company in the event of a real cyberattack. They learn whether their attack detection is fast enough and can then respond accordingly.”
Measuring cybersecurity maturity
Vandenbussche sees cyber resistance and resilience as a cycle. Companies need to constantly assess and anticipate potential events, their level of security, and what they should do when different incidents occur. “It’s an ongoing process of self-improvement and strengthening measures. For example, we measure company cyber maturity on a scale of 0–5. Customers can then gradually advance to a higher level. Naturally, we do this in consultation, because aiming for the maximum level demands significant time, material, and resources. In the end, we arrive at a workable solution, tailored to the customer’s needs.”