T o strike when and where an enemy is most vulnerable is a cardinal tenet of Sun Tzu’s Art of War, a strategy shared by cyber criminals looking to penetrate organizational defenses. The rapid expansion of the remote workforce has significantly increased the attack surface of corporate networks, creating multiple vulnerabilities for hackers to inflict chaos or to steal sensitive information for profit.
As a result, and realizing the last thing needed is further turmoil, cyberattacks are likely to rise heavily in number and severity over the coming months as workers continue to use unsecured personal devices across vulnerable home internet connections. Forecasts suggest traditional coerced ransomware decryption costs from businesses in the United States alone are likely to exceed $1.4 billion in 2020, a daunting figure that does not consider the destructive damage of wiper malware, a more severe type of encryption attack which cannot be reversed.
While every organization weighs cost and benefits of cybersecurity defense according to their own internal priorities, we regularly advise our clients that a key differentiator in limiting damage from an attack is the ability to act quickly and decisively. Central to defense is creating an operative Incident Response Plan (IRP) in advance to guarantee that any cybersecurity incidents which jeopardize the privacy of sensitive information are properly identified, contained, investigated, and remedied.
Such a Plan should evaluate scope and response to the applicable risk and underlying information value. Plan components should also be periodically tested to identify and correct gaps and implement pertinent recovery and reporting procedures. To achieve this, organizations should be wary of battling cyber adversaries only internally and enlist external expertise including professionals experienced in planning and response.
Establishing advance advisory relationships with external subject matter experts including a cyber insurance carrier, forensic discovery firm, public relations firm, consumer notification firm, legal counsel, and other service providers will ensure a ready team to deploy to support organizational leadership in response to a cyberattack or other crisis. Don’t be caught with your guard down, accomplish your cybersecurity preparedness now.