Rohan Langdon from ExtraHop explains how organisations can shore up their defences in preparation for a global outbreak in conflict.
The sad and inhumane events which have unfolded in Ukraine have reminded people of the physical cost of armed conflict. Thousands of deaths and billions of dollars in damage have occurred and there is no immediate indication of an end.
What has also become clear is that the parameters of modern warfare have changed. As well as being fought on land, sea, and in the air, wars are also increasingly taking place in the digital realm. IT systems, data, and critical infrastructure are being attacked as fervently as cities and towns. Companies of all sizes are at increased risk of attacks from nation-state actors.
ACSC guidance
The Australian Cyber Security Centre (ACSC) has issued guidance for how to stay secure, including a range of technical and operational recommendations such as monitoring for vulnerabilities, patching applications and devices, prioritising monitoring for internet-facing and critical network services, securing inventory, and rapid detection and response to destructive attacks.
These offer clear, straightforward, and actionable recommendations for corporate leaders and executives about how they can best support security teams and prepare their organisations for a worst-case scenario.
Together, they ensure visibility and support for CISOs and SecOps teams, lowering reporting thresholds for threat activity, and testing plans and capabilities around incident response and business continuity. Steps taken now could make a significant difference if cyber attacks occur.
The IT department and the business
However, as the conflict continues, it has never been more important for an organisation’s IT team to have a close working relationship with the rest of the business. Communication must be constant, of high quality, and a two-way process.
Senior managers need to ensure that everyone within their organisation understands the importance of strong cyber security. IT security teams need to be given full support and the level of resourcing they require to effectively carry out their roles.
To ensure this critical, two-way communication pays dividends, there are a number of things that senior managers should do. They include:
- Get fully briefed: senior leaders should take time to be briefed on their organisation's existing security posture. They should strive to understand the current status, including areas of strength and weakness, and any plans underway to strengthen it. Executives should be familiar with the challenges their security teams face and provide them with the resources they need to be successful when it comes to withstanding cyber attacks. Many executives and boards have governance structures that require periodic reporting, but building a strong relationship as a baseline can ensure an organisation is prepared for a real event.
- Understand planned responses: executive leadership teams also need to be fully briefed on their organisation’s incident response, crisis management, and business continuity plans. This will help to refresh their understanding of the role that they and their staff will play if an attack takes place. Incident response plans should include assessment of each executive's departmental response readiness, and the results should be reported back to the full executive team.
- Review the entire security infrastructure: it is also important that senior managers assess the security infrastructure that is currently protecting their organisation. They should work to understand factors such as:
  - How often software is updated and policies regarding automatic updates. Deploying patches and updates as quickly as possible is a key part of any security strategy.
  - How frequently critical systems and data are backed up, and how those backups are protected from compromise. They should also understand how quickly core systems could be restored in the event of an attack.
  - What identity management (IM) and multi-factor authentication (MFA) tools and processes are being used, and whether they are fully operational.
  - How the organisation monitors, manages, and protects endpoints, including both traditional endpoints such as servers and PCs, as well as internet of things (IoT) and mobile devices.
  - How the IT team is managing the risks associated with the use of public-cloud applications and infrastructure.
  - How the organisation's network is secured and what ability is in place to detect, remediate, and investigate potential cyber attacks.
Remember the wider security ecosystem
As senior executives undertake this detailed communication with their IT teams, they should also remember there is a wider ecosystem of parties involved in achieving effective security.
This includes systems integrators, managed services providers, channel partners, and technology vendors. Each brings a different element to the mix and all play an important role in ensuring security is as robust as possible.
The threats posed by cyber criminals are only going to continue to increase. Taking thorough, preventative steps now can help to avoid significant disruption and damage in the future.
Rohan Langdon is the vice president, Australia and New Zealand, at ExtraHop