Notes from the Tech Council’s 2018 Cybersecurity Summit
We recently attended the Arizona Technology Council’s 2018 Cybersecurity Summit in Scottsdale. As usual, this summit was packed with great information and exciting presenters and panels. We had two key takeaways from this. First, there will always be threats, so you need to be prepared. Second, you need to have a plan for when (when, not if) you get attacked.
Be Prepared for a Cybersecurity Attack
There will always be threats, and attacks will happen. Nobody at this conference used the word ‘if’. It was always ‘when’, which emphasized the importance of having a good plan in place to protect your business. The key points to being prepared are:
- Those responsible for security need to be leaders. Typically, we’re talking about IT staff. As with any employees, it can be easy for them to let the C-level leaders dictate, even dominate, the measures your company is taking. This is why it is important for IT pros to speak up, to be heard and to ensure that leadership understands the risks, even if they seem more focused on sales, efficiency or cost reduction.
- You need a serious, trained Chief Information Security Officer (CISO). Many companies put these responsibilities on an individual who is not qualified to handle them. Your CISO role, whether it’s an actual full-time role or simply an assigned responsibility, needs to be filled by somebody with the proper training, credentials, and experience.
- Identify key areas most likely to be targeted. We are big fans of checklists. Your CISO should create a cybersecurity checklist which might include the following:
  - Budget: a budget has been allocated just for cybersecurity.
  - Regular Training: everybody in the company gets training on protecting cyber assets and reacting to attacks; key personnel get technical training and certifications. Put together a response team trained in reacting to an attack.
  - Personnel Security: things such as wearing badges, access levels, etc.
  - Physical Security: limiting access to sensitive areas and documents, visitor policies, etc.
  - Account and Password Management: are policies and standards in place and known?
  - Sensitive Data Policies: which data is confidential or sensitive; is it marked, and if so, how? How are documents destroyed?
  - Disaster Recovery: how will data be backed up and restored in the event of a catastrophe?
  - Routine Security Audits: it’s great to have a checklist, but somebody has to enforce it.
Oops! Cyber Attack. Now What?
Since we’re talking about ‘when’ a cybersecurity attack happens, companies need to have a plan in place for that moment, covering everything from public relations to recovering any lost data or other assets.
In the event of a breach, you will need to take two major steps. First, minimize any ongoing damage and alert your contacts. Second, begin to take steps in learning from the attack and implementing changes to help prevent the next one.
Minimize the Damage
- Mobilize your response team, per your checklist.
- Engage with law enforcement. Often, these attacks can be part of a larger attack that presents a national security threat. Either way, law enforcement needs to know, and they can often help inform potential victims.
- By ‘minimizing’ damage, we mean data damage, not egos. Make sure to start informing anybody affected as soon as is warranted, so that they can start to take their own measures. It can take years for stolen data to appear on the dark web, so your contacts need to start changing passwords and protecting accounts immediately.
- Start patching and protecting other existing systems. It may not be immediately obvious where the attack occurred or what systems were affected. Begin installing updates and patches.
- Immediately inventory and check key assets, including bank accounts, client data, and intellectual property.
- Reroute any blocked or degraded network traffic, especially in the case of denial of service attacks.
- Finally, address any legal or regulatory requirements specific to your industry and data protection.
Prevent the Next Cyber Attack
Once you have the situation under control, have taken inventory, and have alerted key people, it’s time to learn your lessons to help prevent the next attack. Write up a report for leadership and the response team, including the following information:
- What happened, including the impact on the business. Provide as accurate a timeline as you can of the events leading up to the attack, the attack itself, and your response. You need to try and identify the motivation of the attacker, when possible. Was this a ‘script kiddie’ just having fun, or was this financially or politically motivated?
- How it happened. What vulnerabilities were exposed and what methods were used to expose those openings?
- Corrective action taken. What has been done to plug the holes and repair any damages?
- How it will be prevented in the future. What additional measures need to be taken to prevent future attacks?
- Additional resources required. This is the perfect time to request additional budget and resources, by the way.
Thanks go to the Arizona Technology Council for putting on this great Cybersecurity Summit. The panel experts shared very important and valuable information. Cyber attacks are going to happen, so your company needs to be prepared. The people responsible for implementing cybersecurity measures need to step up and take a leadership role; otherwise, they’ll be remiss and responsible for any damage that occurs in the next attack. Your designated CISO needs to be a trained professional who implements and follows up on a good security checklist. Additionally, you need to be prepared to react to an attack: minimize the damage, protect assets and people, and learn lessons to help prevent future attacks.
Finally, a quick note on insurance and password protection. At Ping! Development, we carry the insurance we need to protect our clients in the case of a breach, whether it’s a breach in code or hardware infrastructure. Having the right insurance is a must. Talk to your insurance pro about your specific needs. Also, when it comes to password security, it was near-unanimous that LastPass is the best solution. They have never been breached, and their solution helps businesses (and individuals) protect key assets by using today’s best encryption and password policies.