When many in-person industries shut down at the beginning of the pandemic, remote work took off. An unintended consequence of these rapidly assembled teleworking arrangements, though, was the steep rise in cyber attacks.
But attacks themselves aren’t the only incidents Security teams and their enterprises have to worry about. There’s also the reporting that comes after.
The fact is businesses today are statistically likelier to be the targets of cyber attacks than they were before the COVID-19 crisis. The stats are staggering.
Banks alone have seen a 238 percent jump in attacks, with over a quarter of attacks targeting finance and healthcare.
Things aren’t any better when you look across the entire economy. Cloud-based attacks rose 630 percent in the first months of the crisis. Phishing attempts have jumped 600 percent since the end of February. And the average ransomware payment rose 33 percent to USD111,605 compared to the last quarter of 2019.
The first lockdown was a particularly dangerous period. Cyber attacks against home workers rose five-fold in six weeks in the U.K.
The basic template was replicated around the world: opportunistic hackers taking advantage of newly remote workers, many of whom hadn’t received proper cyber security training from now over-stretched and under-staffed IT offices.
Of course, private hackers weren’t the only ones to blame. Incidents like Australia’s all-of-government attacks were state backed, auguring a grim new normal, set to persist well past the pandemic moment.
Naturally, the response to this new cyber landscape has been a beefing up in investment in cyber detection and prevention tools. If it wasn’t a priority beforehand, cybersecurity software is certainly on the agenda now. But there’s usually a key component missing.
Protection is important. However, the ubiquity of these cyber incidents suggests that what you do in response to an attack might be even more significant.
Why’s that? Well, many jurisdictions across the world have imposed timely incident reporting requirements on businesses that suffer cyber breaches – requirements that come with steep financial penalties for non-compliance. Often, the same logic applies to physical security breaches on so-called critical infrastructure.
The requirements themselves might vary. In the European Union, for instance, the General Data Protection Regulation (GDPR) prescribes stringent notification rules, should a breach of EU citizen personal data occur. Those rules include:
- Timely notification (not later than 72 hours after having become aware of a personal data breach) to the Supervisory Authority
- Data processor must notify the data controller, i.e. the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
- Notifications themselves must at least:
- Describe the nature of the personal data breach, including where possible, the categories and approximate number of data subjects concerned, and the categories and approximate number of personal data records concerned;
- Communicate the name and contact details of the data protection officer or other contact point where more information can be obtained;
- Describe the likely consequences of the personal data breach;
- Describe the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
- Documentation by the data controller of any personal data breaches, comprising the facts relating to the personal data breach, its effects, and the remedial action taken. Documentation will enable the Supervisory Authority to verify compliance
The GDPR, of course, isn’t the only game in town. But its incident notification strictures might be models for other data privacy regimes, if they aren’t already.
It will take an integrated, enterprise resilience approach to get on the right side of these reporting requirements. And that approach has to be supplemented by a software solution, like Noggin’s, that lets you report and manage all incidents, major events, risks, and operations in a single flexible platform. To learn what the Noggin platform can do for you, request a demo today.