Together we can build a stronger remote response to cyber threats
The ability to deploy a remote and collaborative response to a cyber attack requires preparation and rehearsing
The challenges posed by COVID-19 have changed the way businesses, communities and society as a whole operate. All interactions have moved to online platforms; the economic impact of the crisis has shifted consumer priorities; and global trade has been largely disrupted; just to name a few examples. Undeniably, the definition of what makes a business successful at responding to cyber threats has also changed significantly.
Now, more than ever, the virtual collaboration between technical and strategic teams across the business is key to deploy a remote response to a cyber incident. In order to successfully achieve this, it is indispensable to review, test and rehearse cyber crisis response processes and adapt them to remote working conditions. This is not only relevant during the response to COVID-19, but also in the longer term as we reinstate our updated versions of 'business as usual'.
Many organisations have had to quickly introduce new IT infrastructure to support remote operations, potentially bypassing existing security processes and best practices. Moreover, the sudden complete reliance on remote access systems and unfamiliar ways of working have increased organisations’ vulnerability to cyber threats. Since the beginning of the COVID-19 crisis in late 2019, malicious cyber actors have exploited COVID-19 related terminology, themes and vulnerabilities.
For example, a large amount of recent phishing campaigns have been launched imitating ‘WHO communications’. More sophisticated Advanced Persistent Threat (APT) and ransomware actors have also adopted new approaches to gain access to their victims’ critical infrastructure. Key targets include Virtual Private Network (VPN) providers and virtual communication platforms. In this increasingly challenging context, no matter how mature an organisation’s crisis response structure might have been prior to COVID-19, the ability to deploy a remote, yet agile response to a cyber attack requires preparation, testing and rehearsing now.
Learning from the response to COVID-19
The lessons from the ongoing response to COVID-19 provide valuable insight on the strengths and limitations an organisation faces when operating remotely. As Crisis and Business Continuity Managers gradually move towards running the response to COVID-19 as ‘business as usual’, an in-depth analysis of the organisation’s response capabilities must inform its cyber crisis management structures. This includes reflecting on and documenting whether multiple teams have been able to mobilise quickly, the effectiveness of communications and the alignment of immediate actions with business priorities.
One of the most valuable lessons already identified across multiple industries is the importance of the collaboration between cyber security teams and their IT and business continuity counterparts. COVID-19 has proven that any type of disruption requires an organisation-wide understanding of the business processes impacted, as well as robust planning to mitigate any associated risks. However, the effectiveness of this collaboration, particularly when all the responders are based in different locations, must be rehearsed.
Collaboration between cyber security and business is key to an effective response
Virtual cyber exercises are a viable way of testing the coordination between the technical and business teams. Unlike standard exercises completed in person, virtual exercises are facilitated remotely and require participants to engage with their fellow responders using the organisation’s online platforms or any other means documented in their crisis response plans. The latter option is particularly relevant when exercising how to mobilise a remote team in case of a lack of access to online systems, for example, as the result of a ransomware attack.
A significant benefit of rehearsing the virtual response to a cyber incident is enhancing the organisation’s faculty to respond to multiple crises simultaneously. One of the outcomes of COVID-19 has been the reduction of financial and personnel resources. Therefore, developing the clockwork coordination of the key resources needed to respond to a cyber incident without compromising the response to COVID-19 is essential to minimise the economic, operational and reputational impact of a cyber attack. This is increasingly relevant for teams working across multiple geographies as they need to coordinate their response continually.
Another important aspect to consider is the structure, pace and effectiveness of the Crisis Management team’s virtual meetings. Even if cyber crisis responders have a well-rehearsed meeting agenda, the remote decision making process might be different from what they are used to when interacting face to face. Virtual cyber crisis exercises provide the opportunity to rehearse online meeting etiquette, test communication channels and get acquainted with the nature of making pressing decisions in a remote manner.
The ability to successfully respond to a cyber incident in spite of any other operational challenges posed by COVID-19 is a major differentiator in an organisation’s survival. Rehearsing the remote response to cyber threats through virtual exercises strengthens the crucial link between tactical, technical and strategic business areas. This will enhance the organisation’s ability to respond to cyber threats as those areas work even closer together in the transition towards the new business environment shaped by the outbreak.
Contact us
Advisory Director, Head of Risk Assurance, PwC Channel Islands
Tel: +44 7797 900015
