Publisher: Sol Minion Development
Published: May 21, 2018
Notes from the Tech Council’s 2018 Cybersecurity Summit
We recently attended the Arizona Technology Council’s
2018 Cybersecurity Summit in Scottsdale. As usual, this summit was
packed with great information and exciting presenters and panels. We had
two key takeaways from this. First, there will always be threats, so
you need to be prepared. Second, you need to have a plan for when (when,
not if) you get attacked.
Be Prepared for a Cybersecurity Attack
There will always be threats and attacks will happen.
Nobody at this conference used the word ‘if’. It was always ‘when’,
which emphasized the importance of having a good plan in place to
protect your business. The key points to being prepared are:
Those responsible for security need to be leaders.
Typically, we’re talking about IT staff. Just like any employees, it
can be easy to let the C-level leaders dictate, even dominate, the
measures your company is taking. This is why it is important for IT pros
to speak up, to be heard and to ensure that leadership understands the
risks, even if they seem more focused on sales, efficiency or cost
reduction.
You need a serious, trained Chief Information Security Officer (CISO).
Many companies put these responsibilities on an individual who is not
qualified to handle them. The CISO position, whether it’s an actual full-time role or
simply an assigned responsibility, needs to be filled by somebody with
the proper training, credentials, and experience.
Identify key areas most likely to be targeted. We are big fans of checklists. Your CISO should create a cybersecurity checklist which might include the following:
Budget: a budget has been allocated just for cybersecurity.
Regular Training: everybody in the company gets training
on protecting cyber assets and reacting to attacks; key personnel get
technical training and certifications. Put together a response team
trained in reacting to an attack.
Personnel Security: things such as wearing badges, access levels, etc.
Physical Security: limiting access to sensitive areas and documents, visitor policies, etc.
Account and Password Management: are policies and standards in place and known?
Sensitive Data Policies: which data is confidential or sensitive; is it marked, and if so, how? How are documents destroyed?
Disaster Recovery: how will data be backed up and restored in the event of a catastrophe?
Routine Security Audits: it’s great to have a checklist, but somebody has to enforce it.
Oops! Cyber Attack. Now What?
Since we’re talking ‘when’ a cybersecurity attack happens,
companies need to have a plan in place for when that happens, covering
everything from public relations to recovering any lost data or other
assets.
In the event of a breach, you will need to take two major
steps. First, minimize any ongoing damage and alert your contacts.
Second, begin to take steps in learning from the attack and implementing
changes to help prevent the next one.
Minimize the Damage
Mobilize your response team, per your checklist.
Engage with law enforcement. Often, these
attacks can be part of a larger attack that presents a national
security threat. Either way, law enforcement needs to know, and they can
often help inform potential victims.
By ‘minimizing’ damage, we mean data damage, not egos. Make sure to start informing anybody affected as soon as is warranted,
so that they can start to take their own measures. It can take years
for stolen data to appear on the dark web, so your contacts need to
start changing passwords and protecting accounts immediately.
Start patching and protecting other existing systems.
It may not be immediately obvious where the attack occurred or what
systems were affected. Begin installing updates and patches.
Immediately inventory and check key assets, including bank accounts, client data, and intellectual property.
Reroute any blocked or degraded network traffic, especially in the case of denial of service attacks.
Finally, address any legal or regulatory requirements specific to your industry and data protection.
Prevent the Next Cyber Attack
Once you have the situation under control, have taken
inventory, and have alerted key people, it’s time to learn
your lessons to help prevent the next attack. Write up a report for
leadership and the response team, including the following information:
What happened, including the impact on
the business. Provide as accurate a timeline as you can of the events
leading up to the attack, the attack itself, and your response. You need
to try and identify the motivation of the attacker, when possible. Was
this a ‘script kiddie’ just having fun, or was this financially or
politically motivated?
How it happened. What vulnerabilities were exposed and what methods were used to expose those openings?
Corrective action taken. What has been done to plug the holes and repair any damages?
How it will be prevented in the future. What additional measures need to be taken to prevent future attacks?
Additional resources required. This is the perfect time to request additional budget and resources, by the way.
Conclusion
Thanks go to the Arizona Technology Council for putting on
this great Cybersecurity Summit. The panel experts shared very important
and valuable information. Cyber attacks are going to happen, so your
company needs to be prepared. The people responsible for implementing
cybersecurity measures need to step up and take a leadership role;
otherwise, they’ll be remiss and responsible for any damage that occurs
in the next attack. Your designated CISO needs to be a trained
professional who implements and follows up on a good security checklist.
Additionally, you need to be prepared to react to an attack: minimize
the damage, protect assets and people, and learn lessons to help prevent
future attacks.
Finally, a quick note on insurance and password protection.
At Sol Minion Development, we carry the insurance we need to protect our
clients in the case of a breach, whether it’s a breach in code or
hardware infrastructure. Having the right insurance is a must. Talk to
your insurance pro about your specific needs. Also, when it comes to
password security, it was near-unanimous that LastPass
is the best solution. They have never been breached, and their solution
helps businesses (and individuals) protect key assets by using today’s
best encryption and password policies.