Improving Cyber Crisis Response in the Ransomware Era
Even before COVID-19, cyberattacks were a top-tier threat for crisis managers and senior leadership. The pandemic, of course, turbocharged the crisis. Ransomware attacks alone soared by 150 per cent in 2020; ransomware payments were up by even more – more than 300 per cent. Governments aren’t sitting back idly, though.
Attacks up on critical infrastructure but other sectors aren’t safe without effective cyber crisis response protocols
For more than a year and a half now, societies have been on a pseudo-war footing to curb the spread of COVID-19. And so, critical infrastructure assets, such as water treatment facilities, pipelines, food distributors, and healthcare facilities, have become plum targets for nefarious actors.
Recently, governments have responded aggressively, putting the onus on critical infrastructure asset owners and operators to boost their risk mitigation efforts.
Australia is updating its existing security of critical infrastructure legislation. For its part, the U.S., under the Biden Administration, has issued a National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems.
The Memo details crisis management measures for priority sectors, such as essential service providers and transportation. Owners in these sectors are compelled to strengthen their organisation’s cybersecurity protocols.
These moves come on the heels of targeted cyber crisis response measures in the transportation sector, requiring critical pipeline owners and operators to report cybersecurity incidents, designate Cybersecurity Coordinators, and conduct reviews of their own cybersecurity practices.
Technology to improve cyber crisis response
The Australian transportation sector is no stranger to measures like these. After all, a strict security incident reporting regime has been in place for some time there.
However, other sectors – whether in the critical infrastructure space or not – might need to get acquainted with tougher reporting protocols as part of their overall cyber crisis response and preparedness efforts.
To do so, they will have to overcome some stark challenges to effective cyber crisis response and management; specifically, the fact that providing intelligence, coordination, and response that is accurate, timely, and effective requires the coordination of numerous processes, systems, and operators.
What to do? Organisations heavily reliant on email for executing cyber crisis response can be aided by flexible, configurable, digital solutions that help plan and manage information, operations, and communications. How so?
Well, these solutions would capture and consume information from multiple sources, including reports, logs, communications, forms, assets, and maps, providing a real-time common operating picture of the task or operation at hand.
Leveraging powerful, yet easy-to-set-up workflows, these user-friendly solutions control and automate management processes and standard operating procedures, keeping the right stakeholders informed across multiple communications mediums.
Analytics and reporting tools would also ensure that decision-makers have the correct information in the best available format, when they need it. These solutions would also track tasks to ensure that the right actions are taken and followed through, helping crisis and security teams to assign, manage, and track resources.
More specifically, the systems would provide a case management framework that orchestrates information flows throughout the organisation, providing consistency where multiple systems, sources, and processes are employed, as well as enabling the secure exchange of information and coordination of resources across multiple stakeholders.
That’s not all. To get ahead of cyber actors, organisations need to ramp up cyber crisis response more broadly. To learn what other tools and capabilities might help, download our guide to improving cyber incident response and management.