What To Do in a Cyber-Attack? Business Alertness and Best Practices Are the Best Response

In the critical phase of the fight against the pandemic, in spring 2020 there was a wave of extortion of basic health infrastructures. Subsequent cyber-attacks took down the systems of several Spanish city councils and even dared to attack the Court of Auditors and the National Security Council. The UK had to reschedule more than a thousand surgical operations due to the WannaCry malware attacks. The computer company Acer had its files encrypted and was held for a record $50 million ransom.

These are just some of the most notorious cyber-breaches that have occurred in recent years. According to IBM, since March 2020, cases of phishing and ransomware have soared by 6,000% worldwide. Spanish companies suffered 40,000 attacks per day in 2021 (+125%) and the Allianz barometer places them as the number one threat to the private sector in 2022, while Latin America is estimated to suffer 137 billion attempted attacks between mid-2021 and 2022 — with Brazil, Mexico and Colombia leading the way — with twice as many ransomware cases. The Business, Security and Company Foundation warns of the Big One: the threat of massive aggression by unscrupulous governments capable of collapsing entire countries.

Those who have not been attacked will be attacked

This proliferation of cyber-crises in the last two years requires a reaction, i.e., management, that is commensurate with their destructive potential, says Jorge Hurtado, Senior VP EMEA at Cipher, Prosegur's specialized cybersecurity unit. This is why he shares the maxim that "there are only two kinds of companies, those that have already suffered a security breach and those that will suffer one in the future".

"The trend of increasing attacks and their severity will not change in the short term", he says, reflecting on the digital transition precipitated by the pandemic, in which a year and a half has brought progress that would otherwise have taken seven. According to Hurtado, we are facing an unprecedented risk "in terms of loss of reputation, loss of customers, financial loss or fraud, the destruction of vital information with no option to recover it, the publication of sensitive data or fines for non-compliance with regulations".

People, the first line of defense

What cracks do cyber-mafias exploit to perpetrate their harmful actions? For example, native cloud services, the proliferation of insecure IoT devices, and operational technologies in poorly secured infrastructures and industries. But above all, Hurtado stresses human vulnerability: the business culture, and especially management, is not aware of the real extent of the threat.

Therefore, good prevention necessarily starts from this degree of awareness and alertness. In this case, an important advantage is available: other processes of technological change often meet with resistance, but the importance of cyber security for digitized businesses is so obvious that hardly anyone questions it. The first best practice recommendation would be to involve the workforce and to translate this culture into an efficient management strategy.

Prevention so as not to react

"Management capacities and structures cannot be improvised, it is essential to develop them in advance", warns the National Cryptologic Centre (CCN-CERT), which recommends a comprehensive strategy based on business values; proactive leadership; crisis and coordination committees; diagnostics and scenario definition; armoring plans, protocols and systems; unified, transparent, empathetic and accountable communication; constant updating and testing; and the capacity to apply lessons learned.

But, according to the CCN, too many companies still see cyber-security as an expense rather than an investment with an assured return: "Given the increasing frequency of cyber-attacks and their huge impact on the services, information and reputation of organizations, there should be no hesitation in carrying it out". The Centre for Industrial Cyber-security adds: "The outsourcing of the service means a significant saving in fixed costs for highly qualified staff".

Not just any outsourcing will do, however: it should go to certified technology partners capable of end-to-end management, with managed detection, response and security services, cyber-intelligence, technology integration, risk management, compliance and 24-hour operational centers. Experience in diverse markets contributes to continuous updating and the ability to adapt on a case-by-case basis.

Training in simulated scenarios

If management is to be preventative, mock attacks are a necessary tool to diagnose weaknesses; they require customized solutions and are a value-added service from quality providers. Companies can use a reference model to plan for this: the Cyber Crisis Management exercises organized by ISMS Forum and the Department of National Security (Presidency of the Spanish Government), with the participation of Prosegur, which confirms the public and strategic interest in private cyber-security.

Participating companies and institutions are subjected to fictitious but realistic attacks and, based on their decisions to minimize impacts, parameterized categories are applied that assess their maturity in detection and management, procedures, internal and external communication with authorities and stakeholders, etc., to finally define the practices that improve resilience and management capacity in each case.