407-416-7955 info@cherubas.com

Media organizations, schools, law firms, healthcare providers, multinational companies, small businesses and government agencies have all been victims of recent cyber attacks.

No matter your business’s size, you are a target for someone. With a worldwide pandemic at our doorstep, cybercriminals are now more numerous than ever. Companies are asking employees to stay and work from home, giving attackers a larger threat surface to exploit than any we’ve ever seen. And they aren’t the only risk to your organization’s assets, either – hardware failure, natural disaster, a lack of onsite vendor support and your own employees can cause just as much damage.

Amidst this new landscape, it’s not enough to simply throw money at the problem and hope it will go away. You need a better plan and a managed security partner. And for that plan to be successful, it must be built to be resilient in the face of a widespread crisis, pandemic and employees who simply will not leave their homes.

The Global Risk Report ranks cyber attacks in the “Top Five” of incidents with a high probability of occurring within the next ten years. According to the report, cyber attacks and critical system failures are considerable technological risks to companies and organizations across the globe.

As technology dependencies become more ingrained in company operations, it is essential to institute company-wide best practices for computer security, downloads, and backups in order to secure necessary technologies and communications networks. A company’s business continuity plan (BCP) should include processes related to critical technologies that may be lost or suspended during an incident. A modern BCP is a vital tool that companies can use to plan for the restoration of normal operations after a business-disrupting incident. Incidents can create a temporary or permanent loss of infrastructure, critical staff, software, and/or vital records.

Working out the procedural details of having a partner that is hundreds to thousands of miles from you adds an “air gap” of human safety for your remote workers. In addition, hosted cloud-based backups, data restoration methods, and minimum software requirements are crucial to re-establishing technology-related critical business processes.

We here at CAS have been providing low-cost Cyber Exercise Programs (CEP) that can assist companies in developing protocols to evaluate their cyber incident preparation, mitigation, response, and recovery capabilities.

Companies should address the following DHS cyber security points to ensure business continuity:

  • Ask yourself: if 50% of my security staff were not able to work, how would I protect the corporate assets?
  • Is cyber preparedness integrated with your current all hazards preparedness efforts?
  • Who are your cyber preparedness stakeholders (public, private, non-profit, other)?
  • Are cyber security risk-based policies established in your organization?
  • Does your organization ensure that service providers and vendors that have access to your systems are following appropriate personnel security procedures and/or practices?
  • Does your organization integrate cyber security into the life cycle system (i.e., design, procurement, installation, operation and disposal)?
  • Are audits conducted on cyber security systems?
  • Are cyber security plan requirements in place and are they being adhered to?
  • Are all systems compliant with company and/or cybersecurity plan requirements?
  • Does your organization have an asset inventory of all critical IT systems and a cohesive set of network/system architecture diagrams or other documentation (e.g. nodes, interfaces, and information flows)?
  • Upon being notified of a compromise/breach of security regarding an employee:
    • Who is notified?
    • What steps are followed to ensure this individual’s access to facility and/or equipment has been terminated?
    • What steps are followed?
    • Should legal representation be sought and at what point?
    • Who determines if the employee should be held criminally responsible?
  • Are there policies (formal and informal) pertaining to removable storage devices?
  • What is the priority of cyber preparedness, including cyber security, in your organization?
  • What level of funding and/or resources is devoted to cyber preparedness?
  • What are your estimated losses if a cyber attack were to terminate system functionality?
  • What are your critical business unit software requirements?
  • What are the procedures for backing up and restoring data?
  • How often are security patches updated?

Cyber exercises, whether they are local or remotely managed, are essential tools for organizations to evaluate their cyber incident preparation, mitigation, response, and recovery capabilities. The exercise environment allows stakeholders to simulate real-world situations, to improve communications and coordination, and to increase the effectiveness of broad-based critical infrastructure protection capabilities without the consequences of a real cyber event. These types of exercises can also be used to educate employees on technological policies and procedures used to offset cyber attack strategies. DHS identifies two types of exercises that can aid in the advancement of cyber security.

Discussion based exercises:

  • Familiarize participants with current agreements and procedures, or assist in the development of new plans, agreements, and procedures, including how a managed cyber partner can help
  • An effective method for bringing together key response team leaders common in mid- to large-scale cyber events
  • Easier to conduct, especially when multiple response team leaders participate using a variety of collaboration and video teleconferencing technologies

Operations based exercises:

  • Validate agreements and procedures, clarify roles and responsibilities, and identify resource gaps in an operational environment
  • May include the use of simulated network environments, “live-fire” events, and active adversary forces to produce realistic scenario inputs and effects
  • Generally involve mobilization and response as opposed to policies and procedures

By exercising the key points where IT and other corporate response elements meet, gaps and shortfalls in company cyber security and incident response operations can be identified. For business continuity, there must be a mutual understanding between IT personnel and crisis managers regarding their respective roles, available resources, and response measures during events caused by cyber disruption.

Discover how you can tackle cybersecurity challenges using SOC-as-a-service by downloading our eBook.

For further information contact us at: info@CherubAS.com or call (407) 416-7955.