Remote work has taken off since the start of the pandemic, and so has the cyber threat. Already in March, online attacks had shot up to six times their February levels. As we now know, that surge would only accelerate – with dire consequences for businesses already struggling to respond to COVID-19.
What can organisations do to respond to the crisis threat? These crisis planning practices will help.
By now, it’s clear that the rise in remote work has precipitated a surge in cyber activity. Opportunistic hackers detected a key vulnerability in information security. And that’s untrained remote workers.
How big was the vulnerability? This survey of remote workers revealed that some two thirds of the group hadn’t been given any form of cybersecurity training in the last year.
And since remote work has taken off in all sectors, for-profit corporates haven’t been the only victims of cybercrime. The global healthcare sector, for instance, has found itself firmly in the crosshairs of hackers and nefarious state actors.
The World Health Organization confirmed a dramatic increase in the number of cyberattacks directed at its staff. A high-profile IT incident involving a Czech Republic hospital ground that country’s COVID-19 testing effort to a temporary halt. And there have also been numerous reports of state-sponsored cyber industrial espionage in the race to develop a COVID-19 vaccine.
Of course, one of the most brazen COVID-19-era cyber attacks against public infrastructure has been the spate of wide-ranging cyberattacks against Australia’s government and institutions. The Government has responded by beefing up cyber funding, retooling its cyber strategy, and enhancing existing security of critical infrastructure legislation. But what should others do?
Well, data breaches aren’t new. They’ve just intensified and gotten more sophisticated. In turn, organisations must react. And that means developing, implementing, and testing robust data breach action plans to keep sensitive company and customer data safe.
So, how to get going? Before putting pen to paper on a data breach plan, it’s highly advisable to consider two critical factors: the plan’s purpose and its scope.
Try to be as clear and concise as possible in distilling points. Do remember that goals and objectives vary depending on your existing cyber security posture, market position, available resources, etc.
Ultimately, the plan should set you up to prepare for a cyber incident, detect cyber threats, assess the level of threats, review processes laid out in your plan, and (crucially) improve the plan itself, if need be.
Not all IT events are created equal, though, and they shouldn’t be treated as if they are. An Incident Response team shouldn’t be designed to tackle every disturbance on the system or network. As such, action plans should clearly lay out how to manage (and escalate) a given incident, by establishing a response framework with specific incident notification procedures.
A common consideration for escalating an incident is potential impact to the organisation, e.g. reputational damage, profit loss, legal sanction, etc. Remember some incidents require law enforcement involvement, so coordinate with your Legal team accordingly.
When it comes to establishing response and action procedures, spell out the concrete steps your team will take for each data breach incident.
Typically, as soon as your organisation becomes aware of a data breach, you’ll implement measures to contain the incident. Once the breach is contained, you’ll assess the risks to the organisation, individuals, and entities impacted by the incident. The result of that analysis then determines the parties you must notify, e.g. the affected individuals or entities, the public, shareholders, business partners, and/or regulators.
Responses don’t always follow the same (generic) pattern, however. That’s why it’s critical your notification procedures are crystal clear. Those procedures should list out when to notify, who to notify, and how to notify, e.g. email, written correspondence, SMS/text alert, traditional and/or social media, etc. Also, you’ll need to determine who will talk to external parties as well as the Board and the C-suite.
Of course, the response plan itself is only the first step towards preparedness. Ensuring that teams will be able to engage with the plan during a crisis will involve digitising the plan and uploading it into crisis management software. Don’t have such a solution? Or not sure it can handle responding to a cyber incident? It might be time for an upgrade. Our crisis management buyer’s guide lays out the capabilities you should consider.