In the wake of the Talk Talk, Ashley Madison and Tesco Bank hacks, cybercrime represents a brimming cocktail of threat. The nature of cybercrime is dynamic with the perpetrators cloaked in shadows trying to do you or your organisation harm.
FBI Director James Comey likens it to a layer cake. “At the top you have nation state actors, who are trying to break into our systems. Terrorists, organised cyber syndicates harvesting people’s personal computers, down to hacktivists, down to criminals.”
THE C SUITE AND CYBERCRIME
It’s enough to keep CEOs and senior executives awake at night. But here’s the problem; it’s unlikely that many of the C suite are in the first flush of youth. Most will have grown up in a world where a computer, less powerful than a laptop, took up the space of a small warehouse.
Few will be tech savvy and, while no one is expecting them to be hands on when it comes to fighting cybercrime or cyber attacks, they do need to ask the right questions of their IT specialists.
SO WHAT DO EXECUTIVES NEED TO KNOW ABOUT CYBER SECURITY?
- How are executives informed about current cyber risks?
- What is the process?
- What is the threat level and what are the current risks?
- What is our plan to overcome these risks?
- How many and what types of incidents are normally detected in a week?
- At what point or threshold is the crisis team notified of a cyber attack?
- Is client data we hold encrypted?
- How effective is our cyber security response plan and has it been tested during a simulation exercise?
HOW CAN YOU PREPARE FOR A CYBER ATTACK?
For bosses it is no longer enough just to seek assurances from the head of IT that adequate cyber security exists. Senior executives need to understand the specific vulnerabilities their company faces and have in place plans and processes to fight back in the event of a cyber attack; preparedness is the key. Cyber security must be a board level effort, someone on the board must own cyber security.
Today, the majority of simulations exercises run by Crisis Solutions are based around cyber attacks. They generally involve the seizing of staff and client data. Thereafter there may be a ransom demand to stop details being posted on line or the ransom may be demanded to release encrypted data.
The best way to tease out if the above questions have been asked and whether the answers are available is through an immersive crisis simulation exercise.
- Convergence and the future of crisis management
- Cyber-crime and corporate reputation
- Kettlegate – a cyber-storm in a teacup
Cyber security webinar
On 10th November 2016 we ran a cyber security webinar with Ken Munro, a penetration testing expert and “ethical hacker”– he regularly hacks into banks to check their systems. Ken featured recently on BBC News, where he successfully hacked his way into a Mitsubishi Outlander.
If you missed the webinar, you can listen to the recording and see the slides.