Intelligent CISO Issue 37 | Page 30

editor’s question


We’ve worked on several post-incident recoveries within our own organisations and assisted in many, many more externally.

Companies often forget about the reputational damage that can be caused by cyberattacks, which has a major impact on customer/consumer confidence as well as supply chain, partner, market – and ultimately, shareholder confidence.
When a publicly-listed company suffers a large-scale breach, its share price typically suffers a protracted hit which can last for years.
A cyberattack also has a serious and immediate business impact on an organisation. It may be forced to take systems offline, for instance, and while it might be able to get cyber insurance to cover some downtime, it is unlikely to extend to the actual downtime suffered, which can run into days or even weeks. We saw this when the NHS was hit by WannaCry in 2019, forcing the cancellation of 19,000 appointments and ultimately costing £92 million.
With organisational breaches, everything starts with a weak or stolen password, or the exploit of misconfigurations or vulnerabilities. Once inside, attackers move laterally. Understanding this lateral movement and the full extent of the breach requires specialist computer and network forensic analysis – neither of which come cheap.


RICHARD WALTERS, CTO OF CENSORNET

Advanced Persistent Threats, by definition, are multi-layered. Organisations often identify what appears to be a malware infection, affecting a number of endpoints, isolate them, bare metal rebuild them, and move on. Deeper APT layers then activate – either manually or timed – which go entirely unnoticed. This is why some attacks persist over many years.
This points to the extent of the hidden cost that is only realised up to a decade later.
Post-incident, some additional controls are almost inevitably going to be needed to prevent an exact reoccurrence of an attack, or a variation on a theme. If you’re lucky, this will mean deploying additional controls in the form of one or two security point products. However, it could also require major network, architecture or application surgery.
In an era where attacks are not just likely, but a certainty, businesses should make sure they have a crisis plan. If the building gets flooded or a massive power outage wipes out office systems for days on end, most organisations will know what to do. A similar plan should be in place for an e-crisis.

