Cyber preparedness building blocks


An ignition guide to cyber drills for better incident response

“Remember when the disaster strikes, the time to prepare has passed”  – Steven Cyros

Every day newspapers and news websites are rife with stories of cyberattacks on large organisations causing financial and market reputation losses (Bangladesh Bank) to businesses, forcing near shutdown in some cases (Norsk Hydro, Target), data theft of customers in others (Toyota, Standard Charter) and not to forget IP loss (Adobe fined $1Million) and regulator fines.

As I write this, the latest in a long list of victims is German pharmaceutical and chemical giant Bayer, who was recently subjected to a sustained cyber-attack that allegedly originated from the Chinese Winnti hacking group. The news comes two years after Merck & Co was hit by WannaCry ransomware, a cyber-attack that the pharmaceutical company said had cost it around $135m in lost revenue, due to production shutdowns and lost sales, and they spent around $175m in remediation costs. The pace of cyberattacks is relentless and organisations invest serious sums of money to fortify their cyber defenses. The focus can no longer be limited to preventing the attack, organisations also need to know what to do when a breach happens. This is where a well-designed and tested incident response (IR) plan comes to play. According to a UK Government Study 58% of executive boards view cyber risks as a top business concern. 68% of boards have not received any training on how to respond to a cyber incident and 10% have no cyber incident response plan…Click here to read full article.