What Happens When You Get Hit By A Cyber Attack

October 21, 2021

Information Security

On September 15, 2021, Noord hosted a virtual boardroom in association with BlackBerry. The event, which was led by Roger Sels, VP of Solutions at BlackBerry, involved a discussion among senior IT professionals on enhancing preparedness for cyber attacks.

 

Reasons for attending

Attendees were asked to state their reason for attending and a key challenge faced by their organisation. They came from a range of professional backgrounds, including policing, advertising, telecoms, manufacturing, aviation, banking, pensions and insurance, and healthcare. They brought varied expertise in security architecture and engineering, software engineering, data governance and management, IT security analysis, security risk and compliance, and cyber security. Many were keen to learn from others and take learning points back to their organisation.

One attendee representing an aviation company said that a key challenge was ensuring the continuity of IT systems, which was crucial to ensure that its cargo planes stayed airborne. Another participant from a global advertising agency stated that as their organisation’s incident response strategy was dictated by its parent company, their role involved joining the dots between the central response and management unit and local teams across the organisation. In addition, a representative from a large commercial bank said that the move to Open Banking was presenting unique challenges as it was becoming increasingly difficult to distinguish a genuine FinTech company from a fake one established by well-funded cyber attackers, leading to the need for zero trust in vendor relationships and staff connectivity.

 

The impact of remote working on cyber attacks

The general consensus was that attacks of all kinds had increased in the wake of the shift to remote working, including attacks based around credential stuffing, phishing and smishing. Many felt that the pandemic had presented an opportune moment for cyber hackers to take advantage of organisational weaknesses, particularly as some cyber security processes had initially fallen by the wayside as organisations grappled with enabling hybrid working while maintaining business as usual. One participant noted the increasing risk posed by outsourcers in the supply chain, which were easier for cyber criminals to target and offered a “backdoor” route into larger companies.

The point was made that many companies were easily undone by very simple attacks, mainly due to their failure to test and exercise response plans and implement education and awareness pieces with staff, including through security champion initiatives. In addition, it was noted that the time taken for hackers to reverse engineer patches and find vulnerabilities had become much shorter, meaning that organisations were struggling to react in time. In particular, security infrastructure tends to get patched very late, which means that the firewall, VDI environment and VPN concentrators have all become stepping stones for attacks. Bring-your-own-device policies presented additional vulnerabilities, along with the reduced ability to monitor employees working from home.

One representative from the public sector noted that government ministries tend to be quite siloed in their approach, which meant that ensuring a coordinated response to attacks was challenging, particularly as cyber criminals are incredibly innovative and the sector in general suffers from massive skills shortages. However, there were some positives that had arisen from the pandemic: one attendee noted that their organisation had recruited dedicated cyber analysts in response to the increase in attacks and had been able to uncover historical attempts to breach systems, while another said that it had become easier to make the case to the board for spending on cyber security.

 

Attack detection and monitoring

Roger noted that some attacks are so sophisticated and indirect that an organisation has no visibility of them. For example, some employees have reported highly sophisticated phishing attacks on their private email accounts, with content tailored to their hobbies and interests and fake apps and websites all operationally and geographically segregated, making them more difficult to trace and detect. One participant noted that employees therefore need to be trained as the first line of defence, with security champions within each team acting as the starting point for the education process.

 

Reporting an attack: balancing reputational damage and operational risk

Participants discussed the importance of sharing information to understand trends and key sectors being targeted, particularly as smart targeting can be very subtle. They suggested sharing information with peer networks and law enforcement agencies, including through the CiSP platform run by NCSC. However, one attendee did feel that while they wanted to share best practice, there was pressure from high-level executives to conceal any breaches for fear of reputational damage.

The practice of database seeding was raised as an effective preventative tool. In that connection, one participant mentioned an innovative solution which seeds customer data with trackable records and detects whether those seeds have been exposed to external systems, thus reducing the costs of incidents and providing reassurance on the effectiveness of an organisation’s security programme.
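A minimal sketch of the seeding idea described above, added here as an illustration and not the product the participant mentioned. It assumes a hypothetical catch-all domain (`seed-mail.example`), a constructed demo key and constructed supplier names; each export carries synthetic rows whose email tag is an HMAC of the recipient, so a seed seen outside the organisation can be attributed to the copy it came from.

```python
import hashlib
import hmac
import re

SEED_KEY = b"constructed-demo-key"   # assumption: the real key is held in a KMS
SEED_DOMAIN = "seed-mail.example"    # hypothetical catch-all domain you monitor
SEEDS_PER_EXPORT = 3
TAG_RE = re.compile(r"\b([0-9a-f]{16})@" + re.escape(SEED_DOMAIN), re.IGNORECASE)


def seed_tag(recipient: str, index: int) -> str:
    """Keyed tag: unguessable without SEED_KEY, reproducible with it."""
    msg = f"{recipient}:{index}".encode()
    return hmac.new(SEED_KEY, msg, hashlib.sha256).hexdigest()[:16]


def seeded_export(rows: list, recipient: str) -> list:
    """Copy of rows plus synthetic customer rows unique to this recipient."""
    seeds = [
        {"name": f"Customer {i}", "email": f"{seed_tag(recipient, i)}@{SEED_DOMAIN}"}
        for i in range(SEEDS_PER_EXPORT)
    ]
    return list(rows) + seeds


def attribute(tag: str, recipients: list):
    """Return the recipient whose export held this tag, or None if never issued."""
    for recipient in recipients:
        for i in range(SEEDS_PER_EXPORT):
            if hmac.compare_digest(seed_tag(recipient, i), tag.lower()):
                return recipient
    return None


def scan_exposure(text: str, recipients: list) -> dict:
    """Count distinct issued seed tags per recipient in externally observed text."""
    hits = {}
    for tag in {m.lower() for m in TAG_RE.findall(text)}:
        owner = attribute(tag, recipients)
        if owner is not None:
            hits[owner] = hits.get(owner, 0) + 1
    return hits


RECIPIENTS = ["supplier-a", "supplier-b"]  # constructed names
# Constructed sample of text observed outside the organisation.
LEAK = "\n".join([
    "jane@customer.example",
    seeded_export([], "supplier-b")[1]["email"].upper(),
    "0123456789abcdef@" + SEED_DOMAIN,     # well-formed tag that was never issued
])

if __name__ == "__main__":
    print(scan_exposure(LEAK, RECIPIENTS))
```

Because the tags are recomputed from the key, no registry of seeds has to be stored next to the data, and a tag that was never issued is ignored rather than raising a false alert.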

 

Playbooks to mitigate potential scenarios

Roger underscored that playbooks allow organisations to provide reassurances to the board that they can detect and prevent or mitigate cyber attacks, including through simulation exercises in which various teams have to collaborate and design a coordinated response. Playbooks were felt to be important so as to give all employees an understanding of their role and responsibility in a given scenario, especially when security operations are outsourced.

 

Strengthening industry collaboration

Many participants were keen to learn from high-profile cyber attacks such as the Equifax data breach in 2017 and called for organisations to produce step-by-step reports of what has gone wrong to enable them to draw parallels. Roger mentioned that in the aviation industry, airplane crashes are always followed by detailed findings reports, allowing all stakeholders to develop better controls, and that ideally the cyber security industry needs to evolve to reach that point. One participant felt that the crux of the matter was that developers are recruited to build a product but once they leave, nobody in the business has an understanding of how the product works. Another suggested that no-fault reporting systems could be a good way of ensuring transparency without attributing blame.

 

Enhancing resilience

The idea was raised that employees need to be rewarded for positive behaviour, such as reporting incidents straight away. In addition, it was felt that presenting board members with priced risk was the best way of conveying the reality of cyber incidents. For example, the Factor Analysis of Information Risk (FAIR) framework allows companies to assess how often incidents might reasonably occur and at what cost, and subsequently compare this figure against the cost of implementing mitigating controls.
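The comparison described above can be sketched as a small Monte Carlo simulation. This is an added example, not FAIR's reference model: it reduces the analysis to loss event frequency times loss magnitude, uses triangular distributions over (min, most likely, max) estimates in place of the PERT distributions often used, and every figure in it is constructed.

```python
import math
import random


def poisson(rng: random.Random, lam: float) -> int:
    """Knuth's method; adequate for the small annual event rates used here."""
    limit, k, p = math.exp(-lam), 0, 1.0
    while True:
        p *= rng.random()
        if p <= limit:
            return k
        k += 1


def simulate(freq, magnitude, trials=20000, seed=1):
    """Annual loss distribution from (min, most_likely, max) estimates."""
    rng = random.Random(seed)          # fixed seed keeps the run reproducible
    losses = []
    for _ in range(trials):
        rate = rng.triangular(freq[0], freq[2], freq[1])      # events per year
        events = poisson(rng, rate)
        losses.append(sum(
            rng.triangular(magnitude[0], magnitude[2], magnitude[1])
            for _ in range(events)
        ))
    losses.sort()
    return {"mean": sum(losses) / trials, "p90": losses[int(0.9 * trials)]}


def control_case(base_freq, controlled_freq, magnitude, annual_control_cost):
    """Compare expected annual loss with and without a mitigating control."""
    before = simulate(base_freq, magnitude)
    after = simulate(controlled_freq, magnitude)
    reduction = before["mean"] - after["mean"]
    return {"before": before, "after": after,
            "net_benefit": reduction - annual_control_cost}


# Constructed estimates: incidents per year and cost per incident.
BASE_FREQ = (0.1, 0.5, 2.0)
CONTROLLED_FREQ = (0.05, 0.2, 0.8)     # assumed effect of the control
MAGNITUDE = (50_000, 250_000, 2_000_000)
CONTROL_COST = 120_000                 # assumed annual cost of the control

if __name__ == "__main__":
    case = control_case(BASE_FREQ, CONTROLLED_FREQ, MAGNITUDE, CONTROL_COST)
    for key in ("before", "after"):
        print(key, round(case[key]["mean"]), round(case[key]["p90"]))
    print("net benefit", round(case["net_benefit"]))
```

Reporting the 90th percentile next to the mean shows the board the bad-year figure as well as the expected annual loss.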

 

In summary, Roger underscored that organisations should plan for the breach, tag data before it goes to suppliers, establish playbooks, test their processes and process integration, review their tech stack and ensure they are leveraging emerging best practice.

For more information on all of our upcoming virtual events here at Noord, please click here to visit our event calendar.
