Every day, cybersecurity events are dealt with on a relatively small scale and responses become routine. Much like dealing with vehicle repairs, it is second nature to bring your car in for an oil change and tire rotation but what do you do when the engine completely fails? How do you respond to this seemingly tragic event? Only through experience do you know how to respond and sometimes you need to bring in an expert to assist. The same holds true for big business when it comes to the need for cybersecurity.
Recently, Sealed Air hosted leaders from a variety of business sectors across Charlotte, NC. During a cyber wargame, these leaders were able to gain practical hands-on experience about how exactly to respond, should they ever experience a "catastrophic" cybersecurity event.
All Business Sectors Are Potential Targets
Whether you work for a hospital, government entity or are the world leader in the food and packaging industry, all organizations that have computing systems that store and handle data, are targets for cyber miscreants. Threat actors often attack organizations just for fun but malicious criminals break into companies to steal data that they can monetize. Either through ransom or by selling sensitive information such as banking data, credit card information, social security numbers or Intellectual Property on the black market also known as the "Dark Web."
Organizations Need the Following Capabilities
- Assess and determine the scope of the cyber incident / event
- Act quickly to contain the impact and preserve forensic information
- Determine when to involve law enforcement or regulatory agencies
- Manage communications to control public and investor perception
- Activate business continuity and recovery mechanisms
Cybersecurity Trends To Watch
Sealed Air is moving swiftly into the Digital and Connected Device arena which offers new challenges. The Internet of Things (IoT) and smart devices are often easy targets for cyber attackers and we will see increases in this area in 2018. As international tensions mount, there is a real threat in escalation with nation states as the cyber cold war intensifies. Rogue states attack soft targets such as unprotected IoT devices and have the potential to disrupt industries, critical infrastructure or even supply chains.
The art of social engineering (manipulating people to share sensitive information) is by far the most effective path that cyber threat actors follow to infect systems with malware and take control of them. Phishing and other unsolicited emails looking like they came from a friend or company executive are examples of this type of activity. Expect to see a rise in large scale social engineering attacks this year.
Preparation and Security Training Are Key
All reputable organizations offer Cyber Security Awareness Training for employees to help ensure that employees are aware of what to look out for and how to respond to a potential scam. Whether it be a phishing email or a phone call from someone asking them for their username/password, it is imperative that employees take these types of training sessions and learn the basics of cyber hygiene.
Reducing damage and the impact on your organization are paramount. This will take coordination among internal and external stakeholders and reaction time will be critical to avoid a crisis for your business. Preparation is key.