Has your business planned for the worst?

Issue 5 2023 Editor's Choice, Information Security, Security Services & Risk Management

Cybercrime might not get the same attention as contact crimes, but it's nonetheless devastating. During 2018, the US Federal Bureau of Investigation (FBI) received over 350 000 complaints relating to cybercrime, with losses exceeding $2.3 billion. But that turned out to be small numbers: in 2022, the FBI received over 800 000 complaints, tallying to losses of over $10 billion. South Africans were not spared, losing around R2,2 billion to online criminals last year. Many of these victims are small and medium businesses, some of which do not recover from the criminal attack.

How can organisations protect themselves against cybercrime? According to Guy Golan, CEO and Co-Founder of Performanta: "It requires several things, such as threat monitoring, awareness training, and good security practices like patching and configuration management. Out of all those actions, an incident response plan is one of the most important. Unfortunately, it's also very often overlooked or neglected."

South African companies cannot afford to skip that step. Cybercrime activity in the region has grown year-on-year, both as an activity and a threat. The 2022 Data Vulnerability Thermometer ranks SA as fifth globally for cybercrime victim density, and Interpol's 2022 Africa Cyberthreat Assessment report predicts that the country could soon be Africa's biggest cybercrime hub.

Incident plans: security ICU

Yet many local organisations still skirt crucial security measures. Specifically, they overlook the necessity of incident response plans.

Incident response, or IR, is a specialised part of security. One can compare it to a hospital's intensive care unit: IR kicks in when the organisation detects a breach of its systems. Like medical specialists rushing to save patients, stabilise them and get them out of danger, IR stops criminals from doing more damage.

An incident response plan is the lynchpin of this response. It defines actions based on business priorities, establishes key response team members and stakeholders, and determines reporting requirements for legislators, shareholders, and the media. It literally tells companies who to call when trouble hits: it's the emergency contact on a fridge or saved on a phone.

"IR can be compared to ICU," says Golan. "Every second counts. Experts need to work out what's wrong and take immediate action. The infection, disease or bleeding must be controlled and reduced. You can easily use terms such as 'triage' or 'golden hour' in this regard because they fit.

Now imagine if you didn't have access to an emergency contact or if you can't reach a hospital fast enough? This is exactly what happens when there isn't a ready and tested IR plan, and an IR team to execute it."

When they don't reach ICU, patients can die. It is dramatic to suggest cybercrime can kill a business, though that is a reality for smaller organisations. Larger enterprises can take the blow, but at significant costs. A security breach can cost an average of US$4.45 million (R83 million), according to IBM and the Ponemon Institute. Lost productivity and data, reputation damage, and lingering criminals are all factors that deepen a breach's cost.

"Cybercriminals are experts at hiding themselves and changing an environment to suit their plans. They are less worried about being caught than being ejected. So, they dig in, and it takes considerable resources and skills to get them out. An IR plan is what determines how effectively a company can fight back and purge the bad guys,” says Golan.

Plan from the top

The onus of pre-establishing IR is on the CEO, the executive team, and the board. Like a doctor asking patients questions to establish their medical context, an IR plan must reflect an organisation's priorities, requirements, and risks. Security teams cannot answer those questions, nor can the technology department. These are squarely strategic business considerations.

But business leaders are not security experts. Collaboration between business and technical stakeholders delivers an effective IR strategy. The business should champion the plan, empowering both others in the company and security partners to create it. The choice of security partner is essential: IR skills are specialised and best enlisted through a security partner's network.

"Creating an IR plan can be intense, which is why many organisations avoid it or do it in half-measures," says Golan. "They might even believe that they won't be attacked because they are too small or have some security systems in place. But when you get a cybersecurity breach, then you want that plan to be ready to go."

South Africa is unlikely to dispel its growing cybercrime reputation any time soon. But local organisations can prepare and avoid the worst when they fit cybersecurity to their specific needs and risks. An IR plan is a crucial part of that preparation and will ensure your business has a plan for the worst.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
New State of Physical Access Control Report from HID
HID Global Editor's Choice Access Control & Identity Management News & Events
HID released the 2024 State of Physical Access Control Report, identifying five key trends shaping access control's future and painting a picture of an industry that has been undergoing considerable transformation.

Read more...
Addressing today’s mining challenges: cyber risks beyond IT
Editor's Choice Information Security Mining (Industry)
Despite the mining industry’s operational technology systems being vulnerable to cyberattacks, many decision-makers still see these threats as purely an IT issue, even though a breach could potentially disrupt mining operations.

Read more...
Workforce Consortium to reskill 95 million people
Editor's Choice News & Events AI & Data Analytics
ICT Workforce Consortium of global leaders has come together, committing to train and upskill 95 million people over the next 10 years, as 92% of jobs analysed are expected to undergo either high or moderate transformation due to advancements in AI.

Read more...
How to effectively share household devices
Smart Home Automation Information Security
Sharing electronic devices within a household is unavoidable. South African teens spend over eight hours per day online, making device sharing among family members commonplace. Fortunately, there are methods to guarantee safe usage for everyone.

Read more...
How is technology changing the industry?
Editor's Choice
SASA and the International Code of Conduct for Security Providers Association (ICoCA), a Geneva-based organisation, will hold a consultative workshop in South Africa in September to discuss how technology is changing the industry and the associated risks.

Read more...
Innovation and security go hand in hand
Technews Publishing Facilities & Building Management Security Services & Risk Management
In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.

Read more...
Fortinet establishes new point-of-presence in South Africa
News & Events Information Security
Fortinet has announced the launch of a new dedicated point-of-presence (POP) in Isando, Johannesburg, to expand the reach and availability of Fortinet Unified SASE for customers across South Africa and southern African countries.

Read more...
New tools for investigation and robust infrastructure security
News & Events Information Security
Cybereason continues to enhance its security platform, with recent updates introducing improvements in file search operations, investigation query results, and cloud workload protection, providing more granular data and faster key artefact identification.

Read more...