The sad and inhumane events which are unfolding in Ukraine remind people of the physical cost of armed conflict. At the same time, the Russia-Ukraine war is also shining a light on the importance of cyber conflict, writes Rohan Langdon, Vice President for Australia and New Zealand at ExtraHop.
The armed conflict (and other geopolitical conflicts) is making it very clear that the parameters of modern warfare have changed. As well as being fought on land, at sea, and in the air, wars are also increasingly taking place in the digital realm. IT systems, data, and critical infrastructure are being attacked as fervently as cities and towns.
In the war’s slipstream, companies of all sizes – especially those that house data and intellectual property of national strategic importance – are at increased risk of attacks from nation-state actors.
The Australian Cyber Security Centre (ACSC) has issued guidance for how to stay secure, including a range of technical and operational recommendations such as monitoring for vulnerabilities, patching applications and devices, prioritising monitoring for internet-facing and critical network services, securing inventory, and rapid detection and response to destructive attacks.
These offer clear, straightforward, and actionable recommendations for corporate leaders and executives about how they can best support security teams and prepare their organisations for a worst-case scenario.
Together, they cover ensuring visibility and support for CISOs and SecOps teams, lowering reporting thresholds for threat activity, and testing plans and capabilities around incident response and business continuity. Steps taken now could make a significant difference if cyberattacks occur.
The IT department and the business
However, as the conflict continues, it has never been more important for an organisation’s IT team to have a close working relationship with the rest of the business. Communication must be constant, of high quality, and a two-way process.
Senior managers need to ensure that everyone within their organisation understands the importance of strong cybersecurity. IT security teams need to be given full support and the level of resourcing they require to effectively carry out their roles.
To ensure this critical, two-way communication pays dividends, there are a number of things that senior managers should do. They include:
Get fully briefed
Senior leaders should take time to be briefed on their organisation’s existing security posture. They should strive to understand the current status, including areas of strength and weakness, and any plans underway to strengthen it.
Executives should be familiar with the challenges their security teams face and provide them with the resources they need to be successful when it comes to withstanding cyberattacks. Many executives and boards have governance structures that require periodic reporting, but building a strong relationship as a baseline can ensure an organisation is prepared for a real event.
Understand planned responses
Executive leadership teams also need to be fully briefed on their organisation’s incident response, crisis management, and business continuity plans.
This will help to refresh their understanding of the role that they and their staff will play if an attack takes place. Incident response plans should include assessment of each executive's departmental response readiness, and the results should be reported back to the full executive team.
Review the entire security infrastructure
It is also important that senior managers assess the security infrastructure that is currently protecting their organisation. They should work to understand factors such as:
How often software is updated and policies regarding automatic updates. Deploying patches and updates as quickly as possible is a key part of any security strategy.
How frequently critical systems and data are backed up, and how those backups are protected from compromise. They should also understand how quickly core systems could be restored in the event of an attack.
What identity management (IM) and multifactor authentication (MFA) tools and processes are being used, and whether they are fully operational.
How the organisation monitors, manages, and protects endpoints, including both traditional endpoints such as servers and PCs, as well as Internet of Things and mobile devices.
How the IT team is managing the risks associated with the use of public-cloud applications and infrastructure.
How the organisation’s network is secured and what ability is in place to detect, remediate, and investigate potential cyberattacks.
Remember the wider security ecosystem
As senior executives undertake this detailed communication with their IT teams, they should also remember there is a wider ecosystem of parties involved in achieving effective security.
This includes systems integrators, managed services providers, channel partners, and technology vendors. Each brings a different element to the mix and all play an important role in ensuring security is as robust as possible.
The threats posed by cybercriminals are only going to continue to increase. Taking thorough, preventative steps now can help to avoid significant disruption and damage in the future.