How to best prepare your Company for a Cyber Attack

by Marco Tapia

October 31, 2016

With more and more high-profile cyber security incidents being made public, awareness of the importance of cyber security continues to steadily increase. The Government, via its Australian Cyber Security Centre (ACSC), has released a comprehensive report highlighting the threats we face and what we should be doing about them.
We thought a summary of it would be of interest.
The Australian Government has defined cyber attack as a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity.
Cybercrime remains a pervasive threat to Australia’s national interests and prosperity. Australia’s relative wealth and high use of technology such as social media, online banking and government services make it an attractive target for serious and organised criminal syndicates. Lucrative financial gains by serious and organised crime syndicates ensure the persistence of the cybercrime threat. Ransomware, credential-harvesting malware and DDoS extortion continue as the predominant cybercrime threats in 2016.
The private sector and Australian industry are persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of Australian businesses. The spectrum of malicious cyber activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies. The ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competitiveness of Australia’s economy. In particular, cyber espionage impedes Australia’s competitive advantage in exclusive and profitable areas of research and development – including intellectual property generated within our universities, public and private research firms and government sectors – and provides this advantage to foreign competitors.
The incidents (2015-16) affecting Systems of National Interest and Critical Infrastructure are broken down by sector in the following figure:

Preparing for and responding to cyber security incidents
In cyber security, prevention is better than a cure. However, in the ACSC’s experience providing incident response, relatively few organisations sufficiently planned or prepared for a significant cyber security incident. The effective management of an incident can greatly decrease the severity, scope, amount of damage and therefore cost of a cyber security incident.
Planning and Preparation
• Have monitoring in place to assess your environment for cyber security threats.
• Have processes in place to detect when an incident may have occurred.
• Assign primary responsibility for incident response in your organisation.
• Have an up-to-date and regularly tested incident response plan and business continuity plan.
• Have up-to-date documentation such as System Security Plans and Standard Operating Procedures.
• Maintain a current security risk management plan for information security systems.
• Know if agreements with contracted IT service providers have arrangements in place for incident response, and understand what type of support you can expect.
• Identify your critical systems.
• Identify key stakeholders including communications and legal.
• Know how easily and quickly you can access resources key to mitigating an incident (for example, system managers, technical experts, Internet Service Provider, system logs and physical system infrastructure).
• Have an up-to-date after-hours contact list for key personnel and external stakeholders.
• Have the ability to identify and isolate an affected workstation or server.
Reporting
• Understand your legislative requirements and obligations for incident reporting.
• Have procedures in place to provide information and reporting to relevant parties during an incident.
• Be familiar with the Cyber Security Incident Reporting process to the ACSC (available on the ACSC’s website). Early reporting of significant cyber security incidents to the ACSC will enable the triage, mitigation and containment of the threat, if required. Reporting cyber security incidents also assists the ACSC in developing an understanding of the threat picture for Australian information system networks, and subsequently, enables the delivery of comprehensive cyber security advice relevant to such networks.
The complete report (Cyber Threat Report by the Australian Cyber Security Centre (ACSC)) can be found at: ACSC 2016 - Threat Report
 
Marco Tapia
PicNet