Cybersecurity from Compliance to Crisis – With the ever-growing threat of ransomware and other cybercrimes, we provide an overview of cybersecurity strategy that focuses on addressing risk, keeping up with regulatory and compliance issues, and managing a cyber crisis.
In our data decryption webinar series, we provide a global perspective on what keeps executives up at night as the world’s threat actors seem more sophisticated every day, offer hands-on guidance on how to address those risks and concerns, and explain how organizations can prepare for the challenges ahead.
We share key takeaways from the Not ‘If’ but ‘When’: Global Cybersecurity Update that we believe will be useful to you. Note that the webinar took place in two time zones, but the content and discussions in both sessions are aligned. Click here to view the recordings.
- Cyber threat landscape: Recently, there has been a shift from theft and fraud to ransomware attacks. While many people view these issues as information security issues, many of the most common attack vectors – such as compromised credentials, phishing, and cloud misconfigurations – stem from mistakes made by individuals within the organization. With regard to the threat actors, a great deal of blurring and uncertainty has arisen, and it is becoming increasingly difficult to distinguish financially motivated attackers from hacktivist or nation-state actors.
- Increasing risk from more sophisticated attackers, COVID-19 and digital transformation: The amounts lost to fraud have increased significantly as the sophistication of the threat actors has grown. These higher risks are further exacerbated by COVID-19, as increased remote working increases vulnerability to attacks. Digital transformation further increases the risk of cyber attacks, as the growing use of data enlarges the “attack surface” available to attackers.
- Cybersecurity affects all elements of an organization, not just the IT department: the global increase in cybersecurity incidents shows a persistent problem of inadequate internal controls, not just from a technical perspective, but also from a personnel perspective. A lack of data loss prevention tools or unstructured data sets, as well as a lack of effective cross-departmental training, can significantly increase a company’s cybersecurity risk. Effective, regular and up-to-date training (for both users and the IT team) is essential not only for prevention, but also for responding to a cyberattack. Companies should develop cross-functional incident response plans and conduct regular tabletop exercises in order to plan and prepare for such attacks, and should consider mitigating the financial risk by taking out cyber insurance.
- Preparation is critical: Organizations should have appropriate security measures and a cross-functional response plan for data security incidents in place, and take steps to ensure that an attack is minimally disruptive and the risk of future attacks is minimized. These steps include the separation of backup systems and the creation of a business continuity plan, as well as engaging incident response providers in advance in order to create a “break-glass” solution. Organizations should also consider key decision points during attack preparation, such as public relations considerations and their general position on ransom payments, regulatory considerations, operational considerations such as insurance requirements and who should deal with attackers and how, and the law enforcement notification strategy.
- Be aware of regulatory requirements when responding to cybersecurity incidents: Companies should consider legal and regulatory requirements when taking security measures, developing their cybersecurity policies, and responding to cyber attacks. When conducting investigations, regulators will most likely consider these matters. For example, when deciding whether to pay a ransom, organizations must conduct due diligence to ensure that the threat actor is not a sanctioned party. Businesses should also work with legal counsel when corresponding with law enforcement and regulators such as data protection and cybersecurity agencies, and be aware of the applicable information-sharing and cybersecurity laws, under which these communications may be used in subsequent litigation and/or result in a potential information leak. Organizations may have to comply with notification obligations to regulators, enforcement agencies, customers and individuals, and these obligations often carry time limits that vary by jurisdiction and the type of business involved. In these circumstances, coordinated action is vital.
Regional sessions focusing on Latin America, North America and Asia Pacific will be announced shortly. To get more details, register your interest here.