Antifragility in Cybersecurity: Strategy and Tactics

Carding Forum

Cybersecurity directly affects business continuity. A company can implement effective cyber policies and use expensive IT systems, but if business partners adhere to lower security standards or attackers use employees as insiders, then the organization's operational processes are at risk.

In the digital economy, issues such as cybersecurity and cyber hygiene, data preservation, managing IT systems as a whole, as well as effective recovery programs in the event of cyber attacks are becoming a key resource for the success of companies and the growth of their profits. Chaotic, reactive management of these processes not only leads to lost revenue, but also creates risks for the future of the business as a whole.

Typical risks for companies

"Conservation" of systems once they have been built. Our observations from our work with different companies show that organizations often implement large-scale IT projects to ensure cybersecurity, high availability of digital services and business continuity. These steps create an illusion of security that managers may hold for several years. In reality, the company remains vulnerable if it does not continuously improve its security systems. It is necessary to constantly analyze how well the current strategy matches new circumstances.

Lack of coordination. Often one department in a company does not know what another is doing, or is unaware of changes in IT systems, which creates new risks. This isolation leads to a number of undesirable consequences: shadow IT processes appear that the centralized infrastructure management service knows nothing about. In an emergency these "self-written" services fail, and corporate IT cannot restore them because it has no knowledge of them. Shadow IT, often run by people without technical skills or knowledge but with a passion for technology, lacks the tools and expertise to fully support digital services. As a result, no one is accountable, and the business loses its competitive advantages or comes to a complete standstill.

Intra-corporate insiders. This includes both current and former employees who knowingly become insiders or unknowingly violate corporate rules. For example, they may casually share with friends details of the security systems of a company they previously worked for, or still work for today. This also includes business partners: suppliers, customers, vendors and service organizations that have, or previously had, access to the company's infrastructure. According to our estimates, this risk source accounts for over 55% of cyber incidents.

Focusing on security in isolation rather than on production and business processes as a whole. The goal is not absolute security of IT systems, but flexibility and the ability to return to a stable, efficient state from any emergency. This means that the design of the processes, the control system and the work of the operators are "layers" that raise the overall level of security if they are set up correctly. For the same reason, protection should start from the "upper levels" of the network, for example where a company runs an industrial automated process control system. In other words, intrusion prevention systems are placed in the segments that keep cybercriminals from reaching any physical device or sensor they could compromise to disrupt the normal operation of the enterprise.

Lack of an audit of existing cyber threats. Such an audit is needed to assess how reliable and effective the company's cybersecurity and recovery program is. The best way to do this is to simulate a cyber intrusion. The analysis of recovery programs assesses whether they are applicable to a real-world emergency, whether the company has the necessary resources at a reasonable cost to complete the recovery steps, whether employees have the necessary skills, and how the existing post-incident recovery strategy can be improved. In the course of such an audit, the existing IT risk matrix is reconciled with the risks actually encountered, and their impact on the business is assessed. It is important that such training exercises are conducted regularly, and at least once a year.

Delegating security functions to middle management. Among the main principles of effective management of security systems and recovery programs is the involvement of top management and the business owner. This means that special bodies must be created: committees with the participation of senior management, which monitor such events and, if necessary, make adjustments to them. This guarantees the involvement of all levels of management, from individual specialists to top management, and ensures control by the owners.

Two key principles of cyberattack recovery programs

I would highlight two key principles of cyberattack recovery programs.

First, periodic review of policies and procedures. Once these documents are created, companies rarely pay attention to updating them. As a result, they may lack instructions on how to recover critical systems, or their contact information may be out of date. And in a crisis, these procedures may not be available at all because of a large-scale failure of the data warehouse or communication networks.

Second, integrating the recovery program with the overall continuity strategy and testing it. For example, the acceptable recovery time set for IT processes is often not aligned with the time within which critical business processes must be restored. Without testing, the company has no guarantee that the recovery program can be applied in practice.
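The two gaps described above, shadow IT that the central inventory knows nothing about and IT recovery times that do not match what the business processes can tolerate, can be checked mechanically once both sides are written down. The following is an added example, not code from the original post; the system and process names, the RTO values and the assumption that a system is restored after its dependencies are back are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ITSystem:
    name: str
    rto_hours: float              # time to restore this system once its dependencies are back
    depends_on: list[str] = field(default_factory=list)

@dataclass
class BusinessProcess:
    name: str
    rto_hours: float              # longest outage the business accepts for this process
    systems: list[str] = field(default_factory=list)

def effective_rto(name: str, inventory: dict[str, ITSystem], path=()):
    """RTO of a system including its transitive dependencies; None if any of them
    is missing from the inventory (i.e. shadow IT nobody can restore)."""
    if name in path:
        raise ValueError("dependency cycle: " + " -> ".join(path + (name,)))
    system = inventory.get(name)
    if system is None:
        return None
    worst_dep = 0.0
    for dep in system.depends_on:
        dep_rto = effective_rto(dep, inventory, path + (name,))
        if dep_rto is None:
            return None
        worst_dep = max(worst_dep, dep_rto)
    # Assumption: dependencies are restored in parallel, then the system itself.
    return system.rto_hours + worst_dep

def check_alignment(processes: list[BusinessProcess], inventory: dict[str, ITSystem]):
    """Return (process, system, problem) triples for every misalignment found."""
    findings = []
    for proc in processes:
        for sys_name in proc.systems:
            rto = effective_rto(sys_name, inventory)
            if rto is None:
                findings.append((proc.name, sys_name, "depends on a system missing from the inventory"))
            elif rto > proc.rto_hours:
                findings.append((proc.name, sys_name, f"recovery takes {rto}h, process tolerates {proc.rto_hours}h"))
    return findings

# Constructed sample data (not from the post).
INVENTORY = {"db": ITSystem("db", 2), "erp": ITSystem("erp", 4, depends_on=["db"])}
PROCESSES = [
    BusinessProcess("order-processing", 4, ["erp"]),     # erp needs 6h in total: misaligned
    BusinessProcess("payroll", 24, ["payroll-script"]),  # shadow IT: not inventoried
    BusinessProcess("reporting", 48, ["db"]),            # fine
]
```

Running `check_alignment(PROCESSES, INVENTORY)` returns two findings, one for each gap; the same structure can be fed from a real CMDB export and a business impact analysis.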

Such testing should be comprehensive. It is not enough to perform data recovery for a single system. The goal should be to restore the functioning of business-critical processes and IT systems. It is also necessary to check how ready personnel are to act in a crisis, and whether and how quickly the organization can relocate personnel and assets from the main location to an alternative one.

We also recommend that you involve key vendors in testing, as this provides an opportunity to evaluate the effectiveness of your continuity plan, taking into account the existing dependence on the external environment, and to obtain feedback from vendors to improve it.

A business that treats cyberattacks as unexpected, unpredictable black swans is losing. We need to look for opportunities to be proactive. It is important to use an integrated approach that includes risk assessment and analysis, modeling of the scenarios that appear most significant for the business, and building a recovery program for each scenario. This will be your antifragility strategy in the face of ever-changing risks.