By Frederick Johnson of Marcum Technology
Published March 14, 2022
With the current geopolitical climate, cybersecurity concerns have taken center stage for organizations worldwide. Many clients have asked us what they can do to best prepare should things get worse.
Our recommendation: Conduct a full assessment of your cybersecurity posture and capability, review your cyber insurance coverage, ensure your vendors are secure, and firm up your incident response plan.
Regardless of the disruptions taking place in the world, there are six actions your organization can take.
FIRST: KEEP CALM AND DON’T PANIC.
- Informed sources have not indicated any jump in direct, large-scale attacks against U.S. interests.
- Attacks would likely target the U.S. critical infrastructure list first.
- If you don’t know what that is, there is a good chance you are not on that list.
- Retaliatory attacks may occur, but would likely target organizations with long-term, conflicted relationships with Russia or high-profile targets.
- Detection for these attacks would likely begin at the largest internet providers and cloud service providers.
- The steps necessary to prepare for this type of attack are part of a standard recommended approach to a strong cybersecurity posture.
SECOND: GET UPDATES FROM THE VERY BEST OBJECTIVE SOURCES OF INFORMATION YOU CAN.
- Marcum Technology is a member of FBI InfraGard, which is an organization that acts as a liaison between private industry and the FBI. It provides regular updates on a wide variety of cyber security issues.
- Look to major news organizations: AP, BBC, New York Times.
- Seek out advisors and experts in cybersecurity.
- Bring in cybersecurity professional service firms.
THIRD: CONDUCT A CYBERSECURITY ASSESSMENT SO YOU KNOW YOUR EXPLOITABLE RISKS.
- Have an outside expert evaluate your risks and provide a list of identified issues sorted by severity.
-
- Internal resources tend to miss material items.
- Start remediating and fixing anything critical right away.
-
- Do not confuse a compliance audit (SOC2, PCI ROC, etc.) with a cybersecurity assessment.
- Remember the old adage: You don’t necessarily have to outrun the bear, you just have to be faster or better than your competition.
FOURTH: ADD OR IMPROVE A CYBERSECURITY LIABILITY INSURANCE POLICY.
- This provides coverage for key expenses in the event of a breach or loss, including:
-
- Cyber forensics
- Legal counsel
- Crisis communications
- Notice
- Credit monitoring
- It may cover business disruption.
- Claim payouts are directly impacted by how secure you can demonstrate your organization was PRIOR to the claim event.
Some insurance carriers offer discounted premiums if you have had a cybersecurity assessment done recently (and had a good report).
FIFTH: ENSURE YOUR VENDORS ARE AS SECURE AS YOU ARE.
- Most breaches are caused by weaknesses in third-party vendors.
-
- For example, Target with its HVAC vendor.
- Check your contracts for security responsibilities.
-
- Right to audit.
- Annual report on security from a third party.
- SLAs for security events.
- Co-accountability.
- Build close relationships with your key IT/cybersecurity providers.
-
- The time to get to know them is not the day you have a major security problem.
- Consider dropping vendors that provide commodity or low-value products/services if they create a cybersecurity risk for you.
SIXTH: BUILD YOUR INCIDENT RESPONSE PLANS AND TEST THEM REGULARLY.
- This starts with knowing your critical systems.
-
- How long can you operate while these systems are completely or partially down?
- What does it cost your business per day?
- Assume your systems will be down and potentially breached.
-
- Understand exactly what you need to do to get back up again.
- This affects people, process, and technology (all three).
-
- Full restorations must be tested.
- Practice different IR scenarios with your leadership team.
-
- Surprises are in the details.