What should you know to handle a cybersecurity crisis?
Cybercrime

What should you know to handle a cybersecurity crisis?

Technology companies routinely come across cybersecurity risks, but it’s far rarer when these turn into a fully-blown crisis. American chip maker Intel is the most recent example of a security vulnerability that’s become a global catastrophe, when it identified flaws with its processors.

The vulnerability, named Meltdown and Spectre, affects the hardware of Intel’s x86 microprocessors as well as some developed by ARM. Through it, cyber crooks can get access to and compromise these processors. The fault essentially means a dodgy process can read virtually all types of kernel memory.

This devastating flaw affects a range of systems, including devices running on Windows, Linux, macOS and iOS. A plethora of cloud systems and servers have also been affected. As a result, tech giants such as Apple and Microsoft have had to release bug fixes to ensure hackers can’t get into devices.

There's a potential back-door built into every PC in your organization, but perhaps not for much longer. Will the open hardware race curb worrying chip vulnerability?

Consumers, organizations and governments around the world have shared their concerns about the incident, but Intel seems to be working to fix the flaw. The company has responded by not only providing security updates, but by also announcing plans to set up a specialist group to improve hardware security. The question is, what should other firms do in the wake of such incidents?

 

Why team collaboration is important  

Most companies have processes in place to respond to security and technology epidemics quickly. Darron Gibbard, managing director of Northern Europe at Qualys, explains many of these strategies are centered around teams and the impact issues could have on customers.

“All tech companies worth their salt have processes in place for managing security events – teams work together to understand what the issue is, what the potential impact on customers can be, and how this should be communicated to the market,” he says.

Companies, he tells us, should constantly be tracking and spotting technical flaws. “It’s best that companies are proactive in looking for potential vulnerabilities or issues, so that they can be managed in advance rather than dealing with unexpected surprises. I think the biggest difference for the future is that more businesses are becoming technology companies – trends like digital transformation mean that more companies rely on their IT processes to function, so more companies have to look at this in more detail,” he comments.

However, as technology continues to advance, firms will need to keep evolving these systems. Gibbard says that if firms do this right, they can also save money on security spending. “The whole shift to DevOps and faster delivery of services can be a blessing for companies, as long as the right processes for security are put in at the start with DevSecOps. Helping teams in development, test and QA spot issues before they hit production or live customer instances can reduce costs around security, and prevent issues coming up in the first place,” he adds.

Our annual poll to find out what’s security threats are worrying security professionals: What will be the single biggest security threat of 2018?

How to learn from past mistakes

Ken Munro, partner at ethical hacking company Pen Test Partners, says companies need to ensure they have the right amount of staff and sufficient security infrastructure to deal with major technical flaws. “The quality of crisis response has suffered in recent years due to IT staff shortages and an over-reliance on point solutions. Consequently, we’re more exposed than ever before. Wannacry was a good example. Here was a classic worm outbreak that should have been contained and controlled efficiently but which was made more difficult to manage due to a number of factors,” he says.

Firms need to better understand data if they’re to spot potential threats as well, he says. Often, companies take too long to respond to intelligence. “There had been plenty of worm predecessors, and yet many organizations failed to follow tried and tested best practice. Why? Because they couldn’t act on the intelligence received. Some didn’t know enough about their data, where it resided and who had access,” he says. “Some didn’t have sight of patch levels on their machines with poor overall network visibility. Dealing with an infection and implementing network segregation under these conditions becomes extremely difficult.” 

Companies shouldn’t aim to be just reactive, though. They also need to learn from previous mistakes and implement measures to ensure that the same problems don’t arise in the future. “A vital part of incident management is putting in place measures to prevent a repeat occurrence. That can only happen if you give sysadmins the time and resource needed to start building the tools to fend off similar attacks,” explains Munro.

“Sadly, all too often sysadmins are firefighting or are assigned to other projects post-incident and that means the clean-up operation is only ever half done. What the tech team really needs is for senior management to take the heat off them so that they can finish the job and that requires the c-suite to have some understanding of the pressures involved and the time needed to remediate effectively.”

 

Why firms must be transparent

To stay ahead of the curve in terms of security, firms need to embrace transparency and openness. That’s according to the CEO and founder of Hedgehog Security, Peter Bassil. He says: “The way in which many firms handle a security a crisis needs to change, firms need to start embracing transparency and openness. Threats of large fines and sanctions for breaches has, quite rightly, left business leaders worried. Accidental breaches are by far the most common occurrence of breach but malicious breaches do happen.

“How both of these are handled can make a significant difference.  Gone are the days when hiding the incident was a viable option. Early proactive notification to investors, regulators and the ICO demonstrates taking security seriously and, though it can seem daunting, it will often prove beneficial in the long run.”

Of course, managing a security crisis isn’t an easy task, and it doesn’t help when threats are constantly becoming more complex. The most important thing is strategy. “Having a well-defined incident response process is key. Bringing together the right people, analyzing the event and determining what information has been exposed helps define what needs to be done next. Keep lines of communications open to regulators and relevant bodies. Regular updates and progress reports go a long way to proving you handle the incident well and helps negate potential sanctions and fines,” concludes Bassil.

PREVIOUS ARTICLE

«Could Huawei smartphone deal fail spell full-blown Sino-US trade war?

NEXT ARTICLE

What should you know about the Chinese blockchain market? »
Nicholas Fearn

Nicholas is a technology journalist from the Welsh valleys. He's written for a plethora of respected media sources, including The Next Web, Techradar, Gizmodo, Lifehacker, TrustedReviews, Alphr, TechWeekEurope and Mail Online, and edits Wales's leading tech publication. When he's not geeking out over Game of Thrones, he's investigating ways tech can change our lives in many different ways.

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Should the government regulate Artificial Intelligence?