Another key trend, says Rahul Mahna, a partner at Eisner Amper, is where bad actors use large language models and train them to act and sound like a person of interest. “By simulating a person in language and even voice, one can stage impressive hacking attempts for IT departments that are not prepared for this new level of deepfake technologies,” he explains.
Thus, given the increasing number of attack vectors and the potentially serious consequences of an attack – financial, operational and reputational, among others – it is crucial that organisations understand how to properly assess the impact of cyber security incidents and privacy breaches.
Damage limitation
In the event of an attack, organisations need to activate an appropriate plan to keep systemic damage to a minimum. The plan should already exist and be tailored to the organisation, not plucked after the fact from a generic ‘how to respond to a cyber attack’ manual.
“A formalised business continuity plan is critical to ensure an organisation suffers from the least amount of disruption and loss possible,” asserts Maggie Rose, vice president of client solutions at K2 Integrity. “This plan should be supported by a disaster recovery and incident response plan, and should encompass all aspects of the business, including people, processes, technology and infrastructure.
“The plan must also align with the organisation’s risk appetite,” she continues. “If proactively implemented before a security event, regular data backups via the cloud and, when relevant, the support of physical data backup centres can also assist in continuing business practices in secure environments during security events.”
In its ‘Data breaches unveiled: lessons learned and best practices’, Burning Tree lists five key lessons organisations should include in a cyber incident response plan to help them maintain business continuity during periods of disruption.
First is to understand the importance of data protection. Businesses must recognise that data is one of their most valuable assets. The cost of a data breach can be astronomical, not just in terms of financial penalties but also in lost trust and damaged reputations. Sensitive information – whether it pertains to customers, employees or proprietary business operations – must be guarded diligently.
Second is to accept that cyber security hygiene is non-negotiable. Maintaining basic cyber security hygiene is essential. This includes regular updates and patches to software and systems, strong password policies and using antivirus and anti-malware solutions. Consistent maintenance and vigilance in cyber security practices can prevent many attacks from succeeding.
Third is to acknowledge that insider threats require attention. Whether through malicious intent or negligence, employees can compromise sensitive data. It is crucial to have strict access controls, monitor user activity and educate employees about the importance of data security. Regular background checks and monitoring can also help mitigate insider threats.
Fourth is to recognise that rapid response and communication are key. Delays in identifying and addressing a breach can exacerbate damage. As such, businesses should have a clear incident response plan that includes immediate actions to contain the data breach, assess the damage and communicate with affected parties, which can help mitigate some of the reputational damage.
Last is to have a disaster recovery plan in place. Having a robust disaster recovery plan ensures that a business can quickly restore operations and minimise downtime. This plan should include regular backups of critical data, a clear chain of command and predefined roles and responsibilities during an incident. Testing the disaster recovery plan through simulations can also help ensure readiness when an actual breach occurs.
“Such preventive measures are crucial in reducing the eventual impact of an intrusion,” adds Dr Kolochenko. “Once the breach has occurred, rapid isolation of the breached infrastructure, incident investigation in collaboration with the legal team, and prompt but well-thought-out communications with all impacted parties may significantly reduce the overall damage.”
Disclosure to stakeholders
Given the potential ramifications of a cyber attack, there may be a temptation by organisations to withhold the more telling impacts of a breach from key stakeholders. Making this decision could be comforting in the short term, but disastrous in the long run.
“The response to a cyber security incident can require a significant expenditure of resources and can cause financial damage, data loss and reputational harm,” says Ms Rose. “If an organisation does not have an incident response plan and related information security policies in place that are communicated to and upheld by key stakeholders, it is at risk for unexpected business disruptions, no matter the type of industry.
“Many organisations include financial security incident considerations already in their budgets,” she continues. “However, preparing for reputational risks associated with security events should be equally considered, and messaging is crucial both internally and externally.”
When making a disclosure, advises Dr Kolochenko, an organisation should first establish the nature of the breach, what kind of information was compromised and its impact and scale. Next, it is important to determine all the mandatory disclosures that are required by law, ensuring timely notifications to all concerned parties and regulators. Organisations should also ensure their disclosure is brief and factual, while clearly explaining the key risks and remediation measures already in place, as well as those that will be implemented later.
“Prompt, honest and support-oriented communications with victims of a data breach can even enhance an organisation’s brand image,” adds Dr Kolochenko. “No one is fully immune from data breaches, but many organisations tend to downplay the impact, negate their fault or fail to adequately support the victims.
“Unsurprisingly, they later face a massive exodus of customers who value transparency and honesty,” he continues. “Avoid over-disclosure or painting an unnecessarily grim picture as those will also hurt, while being unlikely to bring any value to the victims.”
It is also important for organisations to guard against both over-disclosure and under-disclosure, which could prove disastrous from a legal, reputational and financial standpoint.
Cyber insurance
While it cannot prevent a breach, cyber insurance can help mitigate the financial impact, covering costs such as legal fees and even ransom payments. It is growing in popularity: global cyber insurance premiums are projected to be worth approximately $29bn by 2027, according to Munich Re.
For Mr Mahna, cyber insurance is, quite simply, a must have. “There are far too many gaps that an organisation cannot remediate right away due to time and cost reasons, and insurance helps mitigate those concerns,” he asserts. “One issue, however, that insurance is not addressing is the immediate needs a business has.
“We often see organisations get breached and immediately go out of pocket for costs to mitigate and remediate,” he continues. “Insurance usually comes in on the longer term, but many organisations struggle with the immediate impacts.”
Compounding these difficulties is the uncertainty surrounding what should be covered in a cyber liability insurance policy. “Cyber threats and incidents are advancing and predicting coverage is becoming increasingly difficult,” concurs Ms Rose. “Cyber language will continue to evolve in policies and costs of cyber policies will continue to escalate as incidents become more significant and the cyber landscape evolves.
“There is not necessarily a standard cover language for cyber insurance,” she continues. “Therefore, understanding what is included in coverage and what could be included is essential when working with insurance firms. The unpredictability and severity of cyber events also leads to this uncertainty. Even as discussions continue about coverage, the fundamental need for cyber insurance along with cyber security measures, remains essential.”
Bleak future?
While the increasing complexity of cyber space presents organisations with a profound challenge in achieving cyber resilience, the reality is that many remain ill-equipped to defend themselves, failing to see any direct correlation between a cyber attack and a requirement for stronger safeguards.
“Even after an organisation suffers an attack, the likelihood they will focus on proactive security steps moving forward is low,” contends Ms Rose. “Many are stuck in the pattern of putting out obvious fires rather than assessing the compromise from a forward-looking perspective.”
Without proactivity, a bleak future is potentially on the horizon: a cyber threat landscape shaped by increasingly sophisticated attacks, with ransomware, social engineering and AI-powered cyber crime remaining top concerns, according to the WFO.
“The cyber crime industry will steadily proceed toward maturity, pragmatic and cold efficiency, and a clear focus on profit maximisation,” warns Dr Kolochenko. “At the same time, the cyber security industry is frequently the antithesis – suffering from bureaucracy, sluggishness, personal ego and internal turf battles – eventually creating a paradise for the bad guys.”
© Financier Worldwide