Governments, NATO and military organizations now recognize cyberspace as a ‘domain of operations’ or the fifth operational battlefield, with the other four being land, sea, air, and space. As the world becomes hyperconnected, cyber threats will prevail, becoming more rampant and dominant, causing a permanent societal impact. In this new world order, the only means by which governments and organizations can achieve cyber resilience is by preparing themselves for any kind of disruption, conflict, or instability.
Below are steps organizations and security teams can follow to understand potential threats in times of instability and be better armed for any sort of contingency.
1. Determine if your entity is a target
Determine if your organization’s purpose, prominence or relationships make it a direct target for an attack by the cyber fringe. For example, if a business is involved in critical services like food, water, power, telecommunications or healthcare, there will be some probability of it becoming a direct target. Indirect attacks also remain a possibility for any organization. The SolarWinds attack, one of the largest supply chain attacks in recent history, is believed to have indirectly impacted more than 250 federal agencies and businesses. Consider how direct or indirect risks affect your business’s risk profile and implement a mitigation plan to address those risks.
2. Conduct regular testing
Scan your infrastructure, networks, devices and applications to identify security vulnerabilities. Obtain the services of a third party to conduct penetration tests on all high-risk areas to identify potential loopholes that can be exploited. Conduct phishing simulation exercises to determine the preparedness of your workforce and security processes. Rehearse incident response plans so the business can identify and plug any gaps to help ensure the organization is geared to respond and recover should any kind of cyber incident occur.
3. Monitor the developing situation
As the situation unfolds, ensure your business has access to timely and accurate intelligence regarding current and predicted events. It might be a good idea to prioritize risks based on what is relevant to your organization. Risks that make you a direct target must be flagged as critical risks and should be addressed immediately. It’s also a good idea to feed top management with relevant intelligence so that when the time comes, they can make decisions quickly without wasting time.
4. Ascertain whether the business has digital assets in destabilized regions
Evaluate whether your infrastructure (cloud or on-premises) resides in identified conflict zones. Understand how dependent your organization is on those digital assets or infrastructure and evaluate any immediate steps the business should take to bolster resilience in the event that the infrastructure becomes unavailable.
5. Build an asset isolation plan
Devise a plan to isolate high-risk environments and infrastructure in case a cyberattack hits or an immediate threat is observed. Ensure your contingency plan is tested thoroughly and validate whether your proposed business continuity plan operates as expected. Your business continuity plan could include tactics like adding redundancy, selection of alternative assets, and hardening of existing assets.
6. Fine-tune action plans against existential cyber threats
It’s no longer possible to overlook the possibility of encountering an extreme, high-impact cyberattack. One must accept the reality that some organizations may not endure a highly targeted cyber operation. Existing strategies that rely solely on defensive tactics may not be enough to counter such an existential threat. That’s why security teams must take the time to create an offensive, proactive, actionable plan that helps them prepare for, respond to, and resume business after unknown threats.
7. Maintain engagement with stakeholders through periods of instability
Cybersecurity is a shared organizational responsibility that requires coordinated action from across the entire business process chain, including third-party partners. Involving stakeholders during unstable times can help security teams take effective and swift action and also aid in the successful and effective implementation of response and business continuity plans. Relevant stakeholders could include anyone who has a mandate, role or responsibility in the action plan, anyone with the skills or expertise needed to operationalize it, and anyone who could disproportionately affect the action plan or its implementation. Transparency and communication with key stakeholders are extremely important in periods of destabilization.
As digital transformation initiatives sweep across all industries and become standardized, there is a high likelihood they will become increasingly weaponized. The devastation wrought by cyberattacks will be profound and business-threatening. It’s time organizations accept this reality and adopt a proactive approach to prepare for any kind of eventuality.
This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.