We believe cyber security should be about what you can do – not what you can’t. Building agility into your cyber security strategy, with the expectation of change and disruption, enables you to architect an environment that is secure by design.
It’s a common misunderstanding that attackers gain entry to an enterprise’s systems and steal data in one or two simple steps. In reality attackers often have access for months while they plan how to exploit, pivot and steal assets. The Cyber Kill Chain (Lockheed Martin’s model of reconnaissance, weaponisation, delivery, exploitation, installation, command and control, and actions on objectives) breaks an attack into discrete stages that can be observed, recorded and modelled during an incident, providing intelligence to break the chain early and respond to the threat.
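The following Python script is an added example, not code from the original article or from KPMG. It shows what “modelling the chain during an incident” looks like in practice: constructed log lines (the host names, RFC 5737 documentation IP addresses, log format and detection rules are all assumptions) are mapped onto the seven kill-chain phases, each host’s chain is rebuilt in time order, the dwell time before data left is computed, and the phases for which no detection fired are listed, because those are the stages at which this telemetry could not have broken the chain.

```python
"""Added example: map security events onto the Cyber Kill Chain phases.

Everything here is constructed for illustration (host names, RFC 5737
documentation IP addresses, log format and detection rules are assumptions);
it is not tooling from the article or from KPMG.
"""
import re
from dataclasses import dataclass
from datetime import datetime

# Lockheed Martin's seven kill-chain phases, in attack order.
PHASES = [
    "reconnaissance",
    "weaponisation",
    "delivery",
    "exploitation",
    "installation",
    "command_and_control",
    "actions_on_objectives",
]

# Simplified detection rules (assumed): a regex over the event message and the
# phase it evidences. Real rules would come from IDS/EDR/proxy telemetry.
RULES = [
    (re.compile(r"port scan", re.I), "reconnaissance"),
    (re.compile(r"macro-enabled attachment", re.I), "delivery"),
    (re.compile(r"winword\.exe spawned (cmd|powershell)\.exe", re.I), "exploitation"),
    (re.compile(r"new (service|scheduled task) created", re.I), "installation"),
    (re.compile(r"periodic connection to", re.I), "command_and_control"),
    (re.compile(r"large outbound transfer", re.I), "actions_on_objectives"),
]

# Constructed log extract: one intrusion on ws-017 plus benign noise.
SAMPLE_LOG = """\
2024-01-03T09:12:00 host=ws-017 msg="port scan from 203.0.113.5 seen by perimeter IDS"
2024-01-05T10:41:00 host=ws-017 msg="macro-enabled attachment invoice.docm delivered to j.smith"
2024-01-05T10:44:13 host=ws-017 msg="WINWORD.EXE spawned powershell.exe"
2024-01-05T10:44:20 host=ws-017 msg="new scheduled task created: UpdaterSvc"
2024-01-05T11:00:00 host=ws-017 msg="user logon succeeded"
2024-01-06T02:00:05 host=ws-017 msg="periodic connection to 198.51.100.7:443 every 60s"
2024-03-14T23:30:00 host=ws-017 msg="large outbound transfer 2.1 GB to 198.51.100.7"
2024-01-06T08:00:00 host=ws-042 msg="user logon succeeded"
"""

LOG_LINE = re.compile(r'^(?P<ts>\S+) host=(?P<host>\S+) msg="(?P<msg>.*)"$')


@dataclass
class Event:
    ts: datetime
    host: str
    phase: str


def classify(msg: str):
    """Return the kill-chain phase a message evidences, or None if it is noise."""
    for pattern, phase in RULES:
        if pattern.search(msg):
            return phase
    return None


def parse_events(lines):
    """Parse log lines, keeping only those that map to a kill-chain phase."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        phase = classify(m["msg"])
        if phase is not None:
            events.append(Event(datetime.fromisoformat(m["ts"]), m["host"], phase))
    return events


def chain_by_host(events):
    """Group events per host in chronological order: the observed chain."""
    chains = {}
    for e in sorted(events, key=lambda e: e.ts):
        chains.setdefault(e.host, []).append(e)
    return chains


def dwell_days(chain):
    """Days from the first observed indicator to the first action on objectives,
    or None if no exfiltration/impact was observed."""
    for e in chain:
        if e.phase == "actions_on_objectives":
            return (e.ts - chain[0].ts).days
    return None


def missing_phases(chain):
    """Phases in attack order for which no detection fired on this host."""
    seen = {e.phase for e in chain}
    return [p for p in PHASES if p not in seen]


if __name__ == "__main__":
    for host, chain in chain_by_host(parse_events(SAMPLE_LOG.splitlines())).items():
        print(host, "first observed at", chain[0].phase,
              "| dwell days:", dwell_days(chain),
              "| no detection for:", ", ".join(missing_phases(chain)))
```

On the constructed data the chain is first visible at reconnaissance, 71 days pass before the outbound transfer, and weaponisation is the one phase with no detection. That last gap is expected: weaponisation happens on the attacker’s side and is rarely observable by the victim, so the real value of the gap list is in showing which of the remaining phases your own telemetry can actually see, and therefore where controls could break the chain before actions on objectives.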
Hardly a week goes by without the press highlighting another data breach or cyber security incident, often resulting in a member of the C-suite resigning. A recent report by the renowned think-tank The Centre for Strategic and International Studies put global annual losses at $375–575 billion, and suggests that cyber crime might extract up to 20% of the economic value created by the internet through fraud and espionage.
Intelligence on the intentions and motivations of hacktivists, organised criminals, nation states and insiders enables leadership to treat cyber risk as an everyday business consideration and to implement a threat management process that is both proactive and reactive. It also reinforces that cyber security is the responsibility of everyone within the organisation, with accountability held at the very top.

Rapid, effective incident response is critical during the first ‘golden hours’ of a data breach: decisions made early on positively affect the outcome of the whole investigation and can minimise reputational damage.
For leadership to act with confidence in the event of a cyber incident there must be a repeatable, robust and risk-managed process that is open and transparent. Knowing the who, how and why of a cyber attack allows a response that matches the threat and maintains the confidentiality, integrity and availability of critical assets.
It’s important to mention that responding to a cyber attack involves looking beyond the technical response. Ensuring staff are trained to deal with the media, to co-operate with the authorities, and to comply with legal obligations on disclosure when sensitive customer information is exposed in a data breach is imperative for a favourable outcome.
This article represents the views of the author only, and does not necessarily represent the views or professional advice of KPMG in the UK.