How to prepare for a cyber attack

By OEM Update Editorial June 29, 2017 2:17 pm IST

Nitin Bhatt, National Head and Partner, EY Risk Advisory, India shares his point of view about the evolution of cybercrimes and how organisations can manage the ongoing threat.

As disruptive innovations and new business models transform organisations and communities around the world, their sustainability is threatened by a plethora of cyber risks. We are already a witness to one of the largest cyber-attacks recently with “WannaCry” impacting the lives of many individuals and enterprises. Indeed, criminals and nation states are increasingly attacking the technology assets of individuals, organisations and governments, stealing and selling valuable information, and in an alarming trend, paralysing critical infrastructure. With governments and enterprises increasingly leveraging the internet for mission-critical cybersecurity continues to remain a top imperative across the world.

Unfortunately, India Inc.’s response to cyber risks has not been robust. India ranks third globally as a source of malicious activities and its enterprises are the sixth-most targeted by cyber criminals. Cyber resilience is a critical boardroom imperative. The key challenge for Indian companies is that most view cybersecurity as an “IT issue”. Consequently, cyber risks do not get appropriate top management attention. This needs to change. The cyber threat landscape continues to evolve and presents new challenges to organisations every day. In response, organisations have learned over decades to defend themselves and respond better, moving from basic measures and ad hoc responses to sophisticated, robust and formal processes.

Following is an overview of the evolution of the threat landscape for cybersecurity.

There are three high level components of cyber resilience:
• Sense: Sense is the ability of organisations to predict and detect cyber threats. This can be done by simply investing in cyber intelligence
• Resist: Resist mechanisms are basically the corporate shield to cyber-attacks. It begins with assessing an organisation’s risk appetite
• React: If Sense fails (the organisation did not see the threat coming) and there is a breakdown in Resist (control measures were not strong enough), organisations need to be ready to deal with the disruption, ready with incident response capabilities and mechanisms to manage the crisis.

Significant progress has been made in taking measures to strengthen corporate shield. In the last two to three years, we have also seen organisations focus more on their Sense capabilities. Most organisations, however, are lagging behind in preparing their reaction to a breach. Focus on cyber risks, not only on cybersecurity. A recent EY survey said:
• 75 per cent of responders said that their cybersecurity function did not fully meet their organisation’s needs.
• More than half (61 per cent) the responders said that their outdated information security controls or architecture were one of the biggest areas of vulnerability.
• 54 per cent believe that cyber-attacks are primarily targeted at disrupting or defacing the organisation’s websites or other digital assets, while they also believe that theft of IP or data continues to be an important risk.
• Surprisingly, only 58 per cent of the survey respondents from India fear that the next attack will be to their employees’ carelessness or complicity, compared with 78 per cent of global responders who consider this to be a likely source of attack.

Advertising

Your future advertising space? Our media data

Nitin Bhatt,
National Head and Partner –
EY Risk Advisory, India