By Marilia Wyatt, CyberPrivacy
To reduce cyberrisk, executives must lead large-scale crisis incident response plans which are resilient to aggressive attacks that blur lines between a nation-state and malicious criminals. That’s the advice of CrowdStrike CSO Shawn Henry, in a December 2017 interview with CSO Australia magazine.
Mr. Henry said that businesses should prepare for attacks from commercially-minded actors using the same sophistication and potential impact of nation-state tools. These attacks can have significant impacts on companies and society, he added.
Businesses preparing continuity of operations (COOP) plans ahead of the crisis could prove useful, Mr. Henry advised. The framework, which is described in the U.S. Department of Homeland Security guidance, can potentially ensure preparedness and resilience in the wake of a cyber-related crisis. COOP is used to prepare enterprises for damage and business interruptions during earthquakes, floods, and other disasters.
Attackers are organized. Unlike in the past when they primarily worked alone using ‘smash-grab’ techniques, today’s attackers work in groups, with each member bringing their expertise to a range of targeted campaigns focused on specific outcomes from conducting corporate espionage to stealing intellectual property.
Multiple attackers are discovered simultaneously targeting the same organizations, attempting to infiltrate after initial remediation, according to CrowdStrike Cyber Intrusion Services Casebook. The report highlights lessons on tactics and motivations based on intrusion cases the team has remediated.
“Investigations are seeing malware variants that employ techniques designed to spread once a system is infected. Victim organizations worldwide experienced the repercussions of failing to keep critical systems up to date and relying on ineffective legacy security technologies,” the report detailed.
The line between the level of sophistication typically exhibited by state-sponsored threat groups and criminals is increasingly blurring, cybersecurity experts say.
Companies can benefit from scenario training and simulations designed to prepare the executive team for what might happen in a cybersecurity incident and large-scale crisis. This preparation should identify gaps in planning, clarify roles and responsibilities, and test how the company operates under pressure.