Failure is not an option. This was NASA’s motto for the Apollo space and moon missions in the last century. It could well be the motto for organizations today, in the context of cyber readiness. We have an experts opinion on what organizations need to do to prepare for cyberattacks.
In an interview with Brian Pereira, Editor-in-Chief of CISO MAG, Le Nguyen Truong Giang, Global Security Operations Lead and Security Transform Consultant, outlines the various reasons why organizations let their guard down and fail to prepare for a cyberattack. He also offers recommendations on what to include in the incident response plan.
Edited excerpts of the interview follow:
Can you comment on the general state of cybersecurity awareness and state of readiness for a cyberthreat?
In the past, there were many statements like cybersecurity is a shared responsibility or cybersecurity in the workplace is everyone’s business. But most stakeholders didn’t know much about cybersecurity; they did not do enough to protect the business’ information assets. However, the increased volume of cyberattacks is a significant warning that every business is at risk of a cyberattack; they could be victims of a cyber attack or breach. As the result, there are collaborative efforts between government and industry to raise awareness about the importance of cybersecurity and to ensure that all stakeholders have the resources they need to be safer and more secure online. According to many data breach investigation reports, most cyberattacks were traced back to human errors. Obviously, CEOs, business directors, and managers want to keep their data safe or protect their business’ information assets against cyberthreats, so they have to educate their colleagues and create a workplace culture surrounding cybersecurity awareness.
In my opinion, most organizations have already acknowledged business risks related to cyberattacks; but they lack the ability somehow to identify, prevent, detect and respond to cyberthreats. They are facing many difficulties, not only due to limited budgets for technology investment, lack of well-defined processes for building and optimizing, and also skilled security personnel.
What are some of the common causes for a failure to prepare for cyberattacks? Should this be blamed squarely on the leadership?
There are some common causes for a failure to prepare for cyberattacks. Organizations fail to set a top-down strategy to manage cyber and privacy risks. They fail to apply a governance framework to implement and monitor their controls. Senior leaders fail to engage or support cybersecurity programs; they fail to identify areas to prioritize technology investments; they fail to recruit a cybersecurity leader who has a deeper understanding of the complexity of cybersecurity.
The person they recruit must be capable of leading a team and managing cybersecurity programs that align with cyber risks and business requirements.
Business leaders also fail to create a culture surrounding cybersecurity awareness that benefits the entire organization. Further, undefined or not so well-defined processes could be a recipe for failure as well.
Of course, we should not blame it squarely on the leadership because cybersecurity is a shared responsibility; cybersecurity in the workplace is everyone’s business. However, leadership plays a crucial role in creating a robust plan for countering a cyberattack.
What are the steps to prepare a robust incident response plan or IRP?
Even though each business follows a different incident response plan, all IRPs possess the same fundamental components as they go through the same six-phase process. Each of these phases deals with a few specific areas of requirement, which must be fulfilled to create an effective incident response plan for your organization. These phases or steps are preparation, identification, containment, eradication, recovery, and lesson learned.
For instance, IBM Security prescribes six steps to build a robust incident response function:
- Step 1 – Understand your threats, both external and internal
- Step 2 – Build a standard, documented, repeatable IR plan
- Step 3 – Proactively test and improve IR processes
- Step 4 – Leverage threat intelligence
- Step 5 – Streamline incident investigation and response
- Step 6 – Orchestrate across people, process, and technology
Source: IBM Security
To ensure the success of the plan, firstly, we must have support from C-suite executives or key stakeholders who can empower the incident response team to act quickly and confidently during a crisis. Secondly, we must define roles, responsibilities, and processes for incident responding. Lastly, we must have technologies and partnerships to enable autonomous and quick action.
About the Interviewer
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved foundational certifications in cloud computing (IBM) and cybersecurity (EC-Council).