In the wake of current political instability and civil unrest, governments around the globe have advised organizations to be on high alert for potential cyberattacks, which represent a growing threat amid geopolitical conflicts. Organizations of all sizes must shift thinking toward managing elevated cyber threats and take an enhanced security stance.
A new Deloitte report, “Insights and actions: Preparing your organization for elevated cyber threats posed by geopolitical conflicts,” offers several steps to bolster security and crisis response preparedness in the days, weeks and months to come.
- Increase vigilance and proactively update indicators of compromise (IOCs) and confirm common vulnerabilities and exposures (CVEs) are fully patched; where possible, reduce digital footprints to mitigate exposure
- Confirm ingress and egress points between enterprise networks and the internet, paying particular attention to non-traditional environments such as remote access and cloud usage
- Pay close attention to intelligence collection from government bodies and move rapidly to incorporate it into security procedures
- Identify relevant local and federal law enforcement to report a cyber incident, as law enforcement and/or government intervention may be necessary in the event of a potential state-sponsored attack
- Revise incident response (IR) playbooks, especially around data destruction and recovery and crisis communications, to ensure they are up to date. Update playbooks to include scenarios for destructive malware, Domain Name System (DNS), Border Gateway Protocol (BGP), and multiple simultaneous attacks
- Confirm (or expand) security operations coverage for 24/7, global support with proactive threat hunting
- Practice your organization’s ability to prevent, detect, contain, remediate, report, and recover from cyberattacks to confirm program capabilities and resilience
It is also critical to involve other functions that collaborate with security teams, including operations, legal and risk, human resources, and boards and executive leadership teams. Initiating these processes can contribute to stronger security functions both in response to the current elevated threat levels and as part of building high-performing programs beyond the current conflict.
Security practitioners should also consider the enterprise risks that could impact security posture — for instance, supply chain and vendor disruptions from global or multinational operations are possible and may influence normal traffic patterns or crisis operating procedures. These factors require significant strategic executive engagement to keep security and risk indicators in lockstep so that organizations can respond effectively to cyberattacks.