Jonathan Jackson from BlackBerry provides practical insights on how to approach cyber resilience.
Recent cyber attacks in Australia and around the world underscore the urgent need for organisations to develop a robust cyber resiliency plan that anticipates an attack with a suite of defences ready to deploy. From business to government, no organisation is immune.
JBS Foods hit the headlines in June when a ransomware attack originating in Russia shut down the Australian and global operations of the largest meat and food processing company in the country. In March, it was Nine Entertainment, which was hit by a ransomware attack that prevented staff from accessing emails and disrupted broadcasts at the time. It was one of the most serious attacks to ever affect an Australian media organisation. Since then, Nine’s real estate site Domain was hit with a phishing attack where scammers accessed personal information to contact potential renters and request deposits to secure properties.
It has been a particularly grueling start to 2021 when it comes to cyber attacks – and it hasn’t been confined to the private sector. In March, an attack on an external provider linked to the Department of Parliamentary Services (DPS) caused a severe disruption to the organisation’s IT services, preventing access to email. Fortunately in this case, the attack was detected and the link from the provider to the government system was immediately cut.
So what does this mean for public and private sector organisations alike? As Nine described its own “Cyber Awakening”, these attacks represent an alarm call for all businesses.
Developing cyber resiliency
Organisations need to come to terms with the reality that it’s no longer a matter of ‘if’ but ‘when’ a cyber attack will hit. This means that instead of focusing efforts on keeping cyber criminals out of the network, it’s better to assume they will eventually break through and prepare a multi-faceted defensive approach.
To meet these challenges, the concept of cyber resilience has emerged over the past few years as isolated cyber security measures have been shown to no longer provide sufficient protection.
In light of the sheer volume and increasing ferocity of cyber attacks, enterprises should be embracing the “Prepare, Prevent, Detect, Respond” approach to cyber resiliency. In practice, this involves working to protect against cyber risks, defend against and limit the severity of attacks, and ensure continued operations despite an attack.
Adopting the Prepare, Prevent, Detect, Respond defence
All the recent malware attacks indicate a certain lack of preparedness because they resulted in the disruption of usual business operations. With more frequent attacks, this in itself represents a significant threat for organisations across the board.
Preparation means being able to quickly detect unusual activity, and to assess and manage the network, information systems and business processes affected when a cyber attack strikes. Protecting data from unauthorised access is critical. Preparation includes, but is not limited to, adopting intelligent, prevention-first malware protection, adaptive security policies, Zero Trust access control, patch management, employee cyber awareness training and supply chain risk management.
Prevention is integral to stopping a threat in its tracks, preferably before it executes and can cause damage. Systems that need to run through a long line of processes around heuristics, behaviour, cloud look-ups and malware analysis may not do this in time.
Detection requires continual monitoring of network and information systems to detect anomalies and potential cyber security incidents before they can cause any significant damage. It should cover people, network, data and assets and include monitoring and active detection, threat hunting and digital forensics.
Responding to incidents, whether it’s a full-blown cyber attack that brings down a network or a short-term outage or network interruption, needs to happen swiftly to limit the impact of any disruption. Back-up and redundancy should include real-time monitoring, status reports and incident logs to stay across the situation and then be able to analyse it once the crisis has abated.
Protecting business continuity through cyber resiliency
While COVID-19 led to the rapid and widespread uptake of remote work and accelerated digital and cloud adoption, it has also increased the risk of attack. But it’s not the only thing adding to the threat of cyber attacks. The threat landscape is continually shifting and changing. State-based actors, cyber criminals and other attackers are always looking to find a weakness and a new way to access and exploit sensitive information.
Developing an approach to cyber security that is flexible, adaptable and resilient is the best path to ensuring business continuity in the event of an attack. Cyber resiliency strengthens an organisation’s cyber security defences, enables it to prioritise risks and threats, and swiftly respond to any incidents.
Implementing cyber resiliency can help an organisation adopt an active approach to security and reduce the severity of incidents. When an organisation is cyber resilient, it can more easily identify and protect the data it collects and comply with regulatory and legislative requirements. In today’s climate, when customers are wary about trusting organisations with their data, significant brand damage can result if the organisation is associated with a breach.
As the likelihood of an attack has grown in recent years, so has the risk of disruptions that can critically damage networks, compromise sensitive personal and business information and lead to significant reputational damage. Recent examples in Australia alone illustrate how easily government and business networks can be disrupted and compromised, and why cyber resiliency is the best defence.
Jonathan Jackson is director of engineering APJ at BlackBerry. He brings over two decades of tactical experience in the development and management of secure, scalable systems and was the Head of Security Advisory for ANZ before assuming his current role.