Cyber attacks on Ukrainian infrastructure, and on other countries supporting Ukraine, are escalating at an unprecedented rate with a complete lack of regard for collateral damage.
The impact of a cyber attack on your organisation can be catastrophic, both financially and operationally, to say nothing of reputational damage, which arguably could be the worst of the three.
That makes cyber security a board-level responsibility, which means board members and partners must be aware of the basic questions they should be asking their IT team or managed service provider.
What do you need to know?
A successful attack may prevent you from accessing your data by encrypting it. Your data may also be sold on the dark web or released online with malicious intent. Attacks such as those we are seeing originating from Russia will often compromise your whole network, not just a single computer.
What do you need to ask?
What monitoring is in place around those critical assets that would have an impact if compromised, damaged, or altered?
Is monitoring happening in real time and managed by trained security personnel? Retrospectively checking logs for anomalous activity doesn’t cut it.
Do you have procedures in place for staff to report any suspicious activity, and is this routinely reinforced through training refreshers?
Are you protected by professional security operations centre (SOC) personnel who will know how to manage alert thresholds and recognise genuine alerts when they occur?
Do you have genuine visibility of all the physical, virtual and software assets on your network and their status, and are they maintained with the latest patches and versions?
Are you able to identify and shut down shadow IT which may be introduced into your network by your own staff?
How do you authenticate and grant access to users or systems? Is Multi Factor Authentication in use and is access granted based on least privilege?
How is storage separated so that if an attacker gets access to one repository, they will not have access to all copies of your data?
Are you able to avoid a recovery that could take several weeks with damage to corporate reputation and brand?
What data is ‘critical’ and how frequently is this backed up? How frequently is non-critical data backed up?
How confident are you that you would be able to recover from these backups? How frequently is this checked?
How are our backups stored? Offline or in different locations? What are your recovery time and recovery point objectives (RTO, RPO)?
Do you have clear escalation routes and defined decision-making processes to deal with a major cyber incident?
Do you understand your regulatory requirements and obligations to report data loss incidents?
What are your contingency measures to maintain business operations?
Are you able to practise your response to cyber incidents? How often can you do this, and how do you learn from these exercises?
What level of expertise does your service provider have to assist you to prevent or respond to cyber incidents?
It’s crucial that your IT team or a technology partner understands the threat landscape and is proactive in mitigating attacks on your business.
Board members should also have a clear view of where the vulnerabilities lie and what steps are being taken to mitigate those risks.