
Cyber preparedness starts with your crisis plan


Sean Duca, VP and Regional Chief Security Officer, APAC, Palo Alto Networks
Today, cyberthreats pose a real challenge to businesses. The evolving nature of cyberthreats, from malware to cryptomining, makes it difficult for businesses to keep up as they continually develop to become more sophisticated. However, effective cyber preparedness does not mean an overreliance on technology. In a Palo Alto Networks survey of businesses across the Asia-Pacific region, almost half of employees surveyed were found lacking in awareness about cybersecurity and its importance (47 percent) – the biggest cybersecurity challenge facing organisations. Without effective education, planning and operational understanding in place—businesses in Asia-Pacific are left increasingly vulnerable.
Rather than a technology issue, such risks should be treated as a business issue. While most companies already have a strategy in place to handle different types of crises, including managing the communications process with stakeholders, cybersecurity is an area where most do not have solid plans for worst-case scenarios. We know very well by now that no one is immune to threat actors looking to steal data or penetrate and disrupt critical systems through various entry points, whether it is the network, applications, the cloud, or even end-point devices.
As companies are accountable to their stakeholders, cybersecurity calls for guiding principles which are necessary in determining how stakeholders will be informed about a breach, and how they will be provided with relevant information as more data is analysed to paint the full picture. Furthermore, cyber crises are also uniquely challenging - many cybersecurity breaches are discovered by a third party and/or by being leaked to the media, with company executives waking up to the news instead of being updated in real-time.
While some companies have their own cybersecurity crisis plans, they still need to ask themselves a few questions:
• How well has your plan been tested?
• Has it been workshopped across multiple scenarios?
• Have you run your plan through mock trials?
•W Is the plan even up to date?
Here are some tips to make your crisis planning more dynamic and effective:
1. STAY CURRENT AND RELEVANT BY UPDATING THE PLAN REGULARLY
Include input from key stakeholders and schedule time on the team’s calendars to revisit the plan regularly – on a quarterly basis, if possible.
2. TEST THE CRISIS PLAN
Train all employees, including the board, with mock drills. Inject different scenarios into the basic plan and imagine all the different ways in which a breach could impact the business.
3. UNDERSTAND YOUR BUSINESS, DOWN TO THE DAY-TO-DAY OPERATIONS
Explore all the machinations of the way your business operates day-to-day. Plan for day-to-day operations with a continuity plan that is also tested and rehearsed. Additionally, understand what critical systems your business relies on, how they are interconnected, and what their dependencies are. If your response team is busy turning off exposed systems, your business may no longer be operating.
4. BE VERY SURE OF YOUR CONTINUITY PLAN
If your continuity plan is virtually covered in dust, it may also be filled with dated information about old systems and the contact details of response personnel who have.
Preparation takes time, but it is worth investing the time and effort to build the foundation of the business’ operations in this aspect. As cyberattacks continue to grow in volume and complexity, it is essential to have a robust and tested crisis plan so that your organisation can be well prepared to protect itself in the event of a breach.
ON THE DECK
Featured Vendors
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
Three Ways to Help Your Company Combat Common Security Mistakes
Rewriting The Rules On Global Payments With Localized Payment Methods
Smart Data Sales Automation
Marketing & Sales Technology In B2b –An Overlooked Accelerator For...
How Marketing Analytics Is Changing Life Insurance Sales
B2b Marketing: People-Based Within Account-Based Marketing
