Cyber drills are the new fire drill

Almost everyone would have experienced a fire drill, be it a memory from our school days or more recently conducted by your office. Practice drills ensure that people are all familiar with the steps to take in case of an emergency, minimising the risk of harm.

While many people understand the steps to take when faced with fire, how many employees would know what to do in the event of a cyber attack?

As business becomes increasingly integrated with new and emerging technologies, the threat of cyber incidents and data breaches also grows. In fact, the Australian Cyber Security Centre (ACSC) reported a 13% increase in cybercrime in the 2020–21 financial year, compared to the previous year, equating to one report of a cyber attack every eight minutes.

Having a robust response plan to cyber incidents is no longer an option: it’s a necessity. It’s time for organisations to take inspiration from the good old-fashioned fire drill and apply it to cyber safety practices, ensuring employees are trained in what to do in case of a hack, regardless of their technical background.

Investment where it’s needed most

Most executives across Australia understand the risk when it comes to cyber attacks — financial, reputational, loss of business-critical data and so on — yet very few understand how to mitigate risk, let alone the full extent of investment required to do so. You could say budgeting for cybersecurity is largely similar to paying insurance — it requires ongoing investment and continual adaptation. However, financial investment into one single piece of technology will only get you so far.

With hackers one step ahead and online threats rapidly changing, responsibility can no longer just lie with the technical team to keep up the pace. It’s the human element we must be conscious of, with employees more often than not being the weakest link in an attack, by opening suspicious emails or clicking on a malicious link.

In fact, recent research from Veritas found that 50% of Australian employees have accidentally deleted company files hosted in the cloud — such as important documents, presentations and spreadsheets — with as many as 14% admitting to doing so multiple times a week.

It is now up to business leaders to invest in a combination of technology, people and processes to reinforce a culture of cybersecurity and cyber awareness. If organisations don’t train or educate their staff to keep up with the modern threat landscape, they will fail to become resilient to cyber risks.

Cyber drills — the new fire drill

It’s safe to say that testing and education are crucial in the event of an emergency. Testing recovery plans help reveal cracks and vulnerabilities that otherwise would never have been discovered. So why do we conduct fire drills for buildings, but not on our IT environments? How many CIOs actually know where their digital assets are? Have they tested employee cyber awareness with a drill?

These are the questions we must ask ourselves when assessing our preparedness for cyber attacks. It is critical that organisations regularly exercise their ‘cyber-threat muscle’ so it becomes second nature to know what to do when disaster strikes.

To bolster cyber resiliency, we can consider implementing the following key measures:

1. Prepare: The majority of organisations don’t have a response plan in place, or a team that is equipped to create one. Introducing a cyber response toolkit that details who is responsible for what in the event of a breach is essential. Establish containment and isolation plans. Generally, you can’t protect everything, but what you can do is classify your data, identify the ‘crown jewels’ and contain them first.
2. Practice: Conduct routine testing of the readiness of your organisation to respond to attacks by implementing security drills designed to simulate real-life threats. This will demonstrate your employees’ ability to identify and react to malicious attempts aimed at compromising your information security. There is also a growing market for third parties who test your security, detection and response abilities with real-world ransomware techniques, keeping your organisation up to date with new methods. This will help to ensure quick recovery following any attack.
3. Premediate: Consider what infrastructures you have in place that block attackers from moving through your services. Whether it’s taking control of those applications that are permitted inside a network, diligently patching any bugs that regularly creep into your software or hardening your backup platforms — it is critical to have robust systems in place that build resiliency.
4. Backup: Running backups regularly won’t prevent an attack or stop a hacker from releasing sensitive data, but an effective and comprehensive backup and recovery strategy is a safety net that has saved many businesses from disaster. This requires multiple copies of all valuable and critical data, and these copies must be both complete and current, with at least one copy stored offline for airtight security.

Holding business leaders accountable for cybersecurity requires commitment, awareness, education and strength in leadership. Nowadays, putting these priorities aside can have severe reputation and financial implications should the company fall victim to an attack.

Cultural change and greater awareness are now a must in order to take cybersecurity seriously. It’s never usually an easy fix, but action must be taken for the protection of your business, and your industry as a whole: before it’s too late.

Image credit: ©stock.adobe.com/au/creative soul