Modern cyberthreats continue to evolve. In 2021, a record number of cyberattacks and fraud incidents were reported. Phishing, business email compromise, and ransomware attacks increased, as did a new form of cyber fraud aimed at stealing COVID-19 relief payments as well as scams to steal Paycheck Protection Program (PPP) loan payouts.
Also in 2021, a curious kind of large-scale email credential harvesting scheme began proliferating. Instead of leveraging malware, it combines spear phishing — deploying custom webpages designed as near-perfect copies of legitimate service login pages — and a sophisticated single-step sign in process to gain users’ trust before tricking them into giving up their email credentials.
These campaigns target specific departments within an organization by sending emails seemingly related to departmental operations. Organizations with weaker cybersecurity protections are frequently targeted in these campaigns. Weaker protections mean attackers can lurk in systems undetected while snooping for important information or data that might prove useful later.
Combined ransomware and data extortion is a growing threat that became apparent in 2021. Ransomware gangs began targeting businesses that had access to sensitive data and were more likely to pay a ransom to keep it. If the ransom was not paid, stolen data would be released publicly or used for some other nefarious purpose.
The nature of attacks has changed so much that it’s now only a question of when a business will be targeted — not if. An organization’s response to attacks can greatly impact its future. The disaster recovery process must be speedy to restore services, minimize damage, preserve brand reputation, and minimize financial losses. Proactive security measures can help.
Proactive Security Measures
A proactive approach to security will include a robust, automated, and integrated IT stack that allows the organization to quickly analyze the problem, maintain cyber resilience, and preserve all threatened data. Proactive security will incorporate appropriate technology and involve skilled staff to monitor and respond to threats, which builds cyber resilience.
Cyber resilience is the ability to prevent, detect, respond to, recover from, and forensically assess cyberthreats. Cyber resilience helps save the business, its assets and reputation, and ultimately mitigate financial losses.
People can make a difference in all aspects of cyber protection and disaster response. Leadership and support staff working collaboratively can do more than siloed groups working with partial or outdated information that is filtered through multiple levels of reporting. Strategies to improve cyber resilience begin with a focus on IT and information security professionals within the organization.
1. Schedule time for ongoing cybersecurity training for InfoSec teams
Cyberthreats change over time, and so too must the knowledge and skill set for InfoSec staff. Staff should be up to date on new advances in cybersecurity so they can respond appropriately to cyberthreats and quickly pivot to defensive measures. Simply offering training isn’t enough — busy InfoSec teams often find it challenging to find time for routine training.
Leaders must make sure that staff is given the time, opportunity, and funding required for regular training. Build in dedicated time for ongoing cybersecurity training so InfoSec teams are better prepared to protect your organization from the latest threats and prevent costly incidents.
2. Develop and implement a collaboration strategy before disaster strikes
The importance of collaboration between IT teams, leaders, and managed service providers (MSPs) cannot be overstated. Collaboration improves efficiency and benefits every group when done well. Collaboration is a skill that requires practice. Leaders must be intentional about collaboration early on so teams can learn how information flows through the organization.
Build a culture of collaboration through deliberate action. Establish collaborative communication conventions to remove uncertainty and allow everyone to focus on solutions. Develop a plan for sharing and publishing information through multiple channels, and work with your teams to create an efficient workflow.
Test the communications plan to evaluate how well it works for your teams. Can group members act on the information and provide feedback in a timely manner with the current process? How will this work when conditions change?
3. Eliminate guesswork — Consult with MSPs
Engage MSPs early in the crisis management planning process to ensure that your current solutions offer the best protection for your company. MSPs have the expertise and experience to evaluate and recommend solutions best suited to your needs. They are in a unique position to help managers save time and effort on selecting the right cyber protection for their organization.
Leadership responsibilities extend beyond the technical aspects of planning for and responding to cyberthreats. A company’s response to a cyber event impacts brand reputation and revenue in multiple ways.
4. Preserve brand reputation and minimize financial loss
Both downtime and the company’s response to it can greatly impact revenue and brand reputation. Consumer awareness of cyberattacks and data breaches is high. In an FTC study on consumer responses to data breaches, 43% of consumers reported being fatigued by the large number of data breaches, and 40% felt violated by an affected company’s lack of basic security practices. Delays in notifying customers lead to lower satisfaction with the affected company.
Consumers are also concerned with data privacy. A KPMG report found 86% of the general public reported data privacy as a growing concern. Of those, 47% are concerned about the possibility their data will be hacked.
A company’s customer perception is at its lowest when the organization fails to act quickly, or if the mitigation response burdens affected customers to take additional action. Customers are already fatigued by the sheer number of data breaches reported each year.
A multinational bank experienced a two-day service outage resulting in a 2.3% stock price drop. The widespread outage affected online bill pay services, the bank’s mobile app, ATMs, and credit card transactions across the nation. In news reports and on social media, customers expressed disappointment with the bank and shared intentions to take their business elsewhere.
A teledentistry brand saw a 15% drop in stock prices after a cyberattack in 2021. This reportedly short cyberattack had a deep impact on revenues, with the company reporting second-quarter losses of $16.9 million. The company cited delays in treatment service delivery as a result of the attack.
5. Strategies for team alignment
Effective leaders understand the importance of cybersecurity and cyber resilience in minimizing data loss and downtime. All of this is possible when teams are aligned. Leaders therefore must create team alignment to ensure resilience during a cyberthreat. Technology is important, but effective leaders can make a big difference by taking an active role in the recovery process, listening and learning, and communicating clearly with stakeholders and direct reports alike.
Teams can align only when leaders are intentional.
● Meet regularly: Establish a regular meeting cadence to create structured time for addressing important issues early on. These meetings give team members scheduled opportunities to get the latest information and a set time for feedback. Regular meetings bring order to crisis management and internal communications.
● Clearly define roles and responsibilities: Clearly defined roles provide clarity for team members during a crisis. This approach allows teams to work together and address issues without getting confused over their respective responsibilities.
● Manageable workloads prevent burnout: Team members who are overworked or underutilized experience increased stress levels. Leaders can address these issues before they cause burnout by ensuring the workload is manageable for each individual. Depending on the nature of the crisis, teams could encounter obstacles to meeting their members’ basic needs, making it significantly more difficult to fully engage in organizational change management. Leaders should consider the overall effects of an ongoing crisis even while still working through it with their teams.
● Create certainty through open communication: Uncertainty is a major contributing factor to burnout and disengagement, especially during a crisis. Open and regular communication with team members is essential for building resilience. Creating a productive feedback loop is important for the overall success of the team and its disaster recovery efforts. Merely listening to staff concerns without taking action is no different from ignoring feedback entirely.
● Work with MSPs: MSPs are in a position to work closely with leaders to ensure they understand what solutions are available to them. Leaders in turn should consult with their MSP regarding incident response planning. MSPs must work with their clients throughout a crisis to make sure supported systems are appropriately addressed. MSPs are in a unique position to help minimize negative outcomes for customers facing a crisis.
Effective leadership recognizes the importance of deploying robust modern cybersecurity technologies and of the highly skilled people working to solve difficult problems during a cyber event. These leaders encourage and facilitate cooperation between teams in order to ensure that brand reputation remains intact. Effective leaders also engage with and support their teams, and in times of crisis they carefully consider the needs of each team member. Cyber resilience is only possible when teams and technologies work together.
Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.