Please complete all required fields!
Even well-articulated and documented cyber incident response plans can go astray when a cyber incident actually happens. Experience shows the best plans can fail spectacularly. In this special report, IBRS interviews two Australian experts of startups in the field of cyber incident response, and uncovered the better practices for keeping your incident response plans real.
Read more ...
Many security incidents are having major impacts on organisations. In too many cases these are left to the information technology teams to handle.
Yet the group most responsible for an organisation’s continued survival and growth is the chief officer (CxO) group. Incident response therefore ultimately resides with this group. In order to develop the ability to handle a major attack on an organisation, it is imperative that the CxO group also become familiar with responding to cyber security events.
This can be done by running tabletop exercises that then become the basis for building more detailed plans around communications, crisis management, and the organisation’s preparedness.
As is common in security, a buzzword becomes a product segment which is then flooded with new entrants or even old players with new offerings. A classic case is the detection and response segment. Initially, it was one approach – endpoint detection and response. But as vendors entered the segment they were driven to find differentiation points to stand out from the crowd.
What was a simple segment became one with many new acronyms, new problem definitions and of course a plethora of products. To help understand the basic differentiation of products in this segment this advisory provides a direct and simple definition for each main sector along with points to note about how to select any specific product in the segment.
To cater for organisations with requirements to keep data in-country, VMware has opened a Sydney based Point of Presence (PoP) for Carbon Black Cloud in the AWS Sydney data centre. Carbon Black Cloud offers end-point security, which provides behaviour based analysis of devices.
Why it’s Important
The market for end-point security based on behavioural analytics is growing quickly. However, it relies upon hyper scale Cloud or Cloud-like resources. The paradox is that risk-averse organisations that can benefit from this type of endpoint protection are reticent to allow as-a-Service solutions not based domestically to have access to sensitive information about their staff activities. By opening a Sydney based PoP for Carbon Black Cloud, VMware removes a policy barrier to this type of end-point security.
Carbon Black Cloud is one of a growing list of technology offerings in end-point security that leverage Cloud computing and AI. This market will grow rapidly as remote and hybrid working environments become a permanent part of the economy. And rightly so. In principle, IBRS does not see that data geolocation (keeping data domestically) significantly improves an organisation’s security stance, though it may provide regulatory compliance. Latency issues, especially for high-volume services, are also a consideration.
In practice, many organisations still need to address legacy policy regarding information management, and so the trend towards vendors setting up local data processing operations will continue..
Related IBRS Advisory
Conclusion: Cyber incidents and the protection of information have now taken enterprise and national significance.
Organisations will need to learn to operate securely in a zero trust world. With an ever-increasing number of cyber-related incidents, cyber security risk has evolved from a technical risk to a strategic enterprise risk. The risk of a compromise for most organisations is increasing with the acceleration of digital transformation, adoption of technologies such as Cloud services, analytics and IoT. The threat landscape is further compounded by increased regulatory and compliance requirements.
A cyber compromise is almost inevitable and organisations are now focusing on improving the resilience of their organisation to a cyber incident. Many organisations now have cyber resilience programs in place which not only protect and defend their key information assets but are also well placed to respond should a cyber incident occur. Our cyber strategy, roadmap and implementation advisory are designed to assist on your cyber resilience journey.
Conclusion: The COVID-19 pandemic crisis is sweeping across the globe and is being felt by every individual and every organisation. By its very nature, the COVID-19 crisis is global in scope, indefinite in its duration and unknown in its long-term impact. Given the reliance of organisations on their ICT services, particularly at this point in time, CIOs have a unique opportunity to make a significant contribution, showcase their leadership capability and enhance the long-term brand of their ICT teams. All too often under the pressure of a crisis, CIOs will focus on tasks as opposed to the softer elements of leadership. The opportunities this crisis presents should not be wasted. Your leadership is on show.
Conclusion: Ransomware attacks have been in the news lately with Toll, Talman, Travelex and Manheim Auctions all having their day-to-day operations completely shattered. Many pundits and security product vendors are touting their initiatives to help an organisation defend itself against such an attack.
Despite all best efforts, there is no 100 % guaranteed defence against succumbing to a ransomware attack. So rather than investing still more funds in defensive products, it is well worthwhile creating a strategy to allow a rapid recovery or reestablishment of service after being struck by an attack.
It is possible to develop some strategies, all relatively inexpensive apart from time, that will position an organisation to have an excellent chance of quickly returning to normal productivity after a ransomware attack.
Login to read your premium content.