Building cybercrime preparedness in a digital era
Cyber resilience can create opportunities to increase the security awareness of staff, management and the board to reduce their riskier behavioural elements: Paul Wright, associate director, Forensics, KPMG Lower Gulf
Information communication and internet technology are evolving at a tremendous pace, and whilst this can provide vast opportunities for legitimate users, it may also give criminals similar opportunities.
Today, cybercrime has no boundaries – especially as it can be perpetrated from anywhere in the world, against any computer. This may result in a cybercriminal data market, probably due to the scale of data loss in each attack, which may imply that offenders have an abundant supply of new marketable data.
Cybercrime is one of the threats to organisations around the globe and could be one of the major problems faced by businesses today. According to Kaspersky, the average cost of a cyberattack rose to between USD 108,000 and 1.4 billion in 2019, while the average global spend on security products and services is estimated at a new high of USD 124 billion.
To avert such disasters, planning and preparing for the unexpected – especially in response to a security incident – is important. One of the priorities may be to concentrate on prevention and being prepared to respond to an incident. It is this proactive approach that can help in making a difference.
Cybercriminals have been focusing on financial institutions for over a decade, compromising their customers’ devices to access online banking accounts. During this time, cybercriminals have also been targeting enterprise assets. When money is stolen from a customer’s bank account, it will just about always be revealed. However, when cybercriminals steal intellectual property and other sensitive data from a corporation, the trail may not be so obvious, and the exfiltration may never be discovered.
Companies are generally oblivious to cybercrime attacks. The vast majority of cybercrime victims discover a compromise only because a third party notified them. This was the case in October 2019, when the cybersecurity team at vpnMentor uncovered an open database belonging to Autoclerk, a hotel property management system, putting at risk the information of hundreds of thousands of individuals, including information belonging to United States military and government personnel. This shows that the third-party fact is as true today as it was when it was highlighted in the Verizon Data Breach Investigations Report in 2011 and subsequent reports.
With traditional information security, you may not be able to see the bigger picture – only the individual parts. It is a bit like the ancient parable about six blindfolded men and an elephant. In various versions of the tale, a group of blind men (or men in the dark) touch an elephant to learn what it is like. Each one feels a different part, but only one part, such as the side or the tusk. They then compare notes and learn that they are in complete disagreement as to what they were touching.
Security must have a strategic, layered approach and one of those layers needs to be incident response. Having an incident response plan is likely to be critical to combat cybercrime. This involves developing a robust methodology influenced by business, governance and ethics. The plan should involve individuals from all levels and areas of an organisation, and comprise the entire gamut of processes, controls and tools.
Investing in an incident response plan will help organisations address emergency situations with a pre-planned strategy to protect their own interests. There is no one-size-fits-all approach but establishing the right procedures can bring an efficient and repeatable process that contributes to a quick recovery, should an incident occur. Furthermore, lessons learned can help prepare for or even prevent future incidents, and in turn reduce legal liability.
An organisation that detects an incident first can validate the incident itself. It can control the details behind third-party involvement and ensure better response planning. It is the difference between leading the way and being pushed along.
Understanding the risks and threats beforehand is a key part of building cyber resilience. Being able to prepare for, withstand, rapidly recover and learn from deliberate attacks or accidental events online is a key element of resilience, but cyber resilient organisations recognise that operating safely in a digital environment goes far beyond purely technical measures.
By building an end-to-end understanding of cyber risks and threats, and aligning them to business objectives, organisations may be able to take the appropriate measures to protect their digital assets and maximise the opportunities available online.
Cyber resilience can create opportunities to increase the security awareness of staff, management and the board to reduce their riskier behavioural elements, creating a clear line of sight between business objectives, digital strategy and cyber security implementation.
Organisations can aim to develop and test an incident response plan, which can be enacted in the event of an attack. This will help to ensure that the appropriate personnel (within the organisation and outsourced technical support) are quickly engaged, and that priority is given to isolation and restoration of key systems. The minutes and hours after an event are critical – be prepared.