Mitigating chaos and uncertainty during a global pandemic
16 April 2020
These are unprecedented times for business; however, crisis management is nothing new for humanity. A quick rewind through history to October 1911 would revive the names of the great explorers Roald Amundsen and Robert Falcon Scott, who competed to be the first to reach the South Pole.
Two different leaders: two different outcomes
Battling the same temperatures and terrain, the two expeditions achieved different outcomes. Amundsen was victorious, leading his team safely back home. Scott’s flawed leadership resulted in the team's defeat, 34 days after Amundsen’s victory. Scott died soon after, alongside four members of his expedition. How can one leader achieve an incredible triumph in such harsh terrain, while the other leader failed to survive?
Preparing, responding and remaining resilient during cyberattacks
It wasn’t a matter of luck. Analysis shows that Roald Amundsen exhibited an uncanny, focused discipline in three domains: preparedness, response, resilience.
With the current COVID-19 pandemic, businesses need to focus on their core cyberdiscipline to remain resilient in the face of cyberattacks. We can see a significant rise in coordinated cyberattacks as the majority of businesses shift their modus operandi to remote work (WFH).
With the change in working dynamics, there is a dire need to refresh the responsibility assignment matrix (RACI model) around domains (including people) to develop a layer of accountability and consultation. The mandatory mapping of the complete network is crucial. This will create visibility and allow organizations to critically evaluate the network; most organizations will come across the following blind spots during analysis:
- remote connectivity valuation
- patch management appraisal
- network topology assessment
During the current chaos, we must not allow a preventive mind-set and ‘analysis paralysis’ syndrome to seep in. In the first instance, we should be able to understand the attack telemetry by creating end-to-end visibility through appropriate tools and procedures. In the second, organizations need to accept that they may get breached during this pandemic crisis, and they need to move towards more proactive analysis that enables them to integrate a single normalized platform to detect the behavioural classification of cyber criminals.
Organizations will need to re-define the parameters of their response for the purposes of:
- Business and risk alignment: This is about understanding the mission, scope and authority needed to mitigate risk.
- Visibility: Define the visibility required to achieve mission readiness.
- Content: Build enablement for detection — including use cases, situational awareness, and baseline.
- Applied intelligence and analytics: Analyse, attribute and predict the threat to refocus the mission.
All critical processes must be tested, analysed and updated on a regular basis, in order to ensure all personnel involved are fully prepared and capable of quickly, efficiently and safely achieving the required objectives.
Resiliency techniques shouldn’t just focus on the perimeter, which means deploying more and more new technologies. Instead, organizations need to follow an intelligence-driven security framework or phased approach. To achieve the state of so-called ‘Cyber Swing’ (like ‘Swing’ in rowing – that state of near perfection when all rowers are in harmony with no wasted energy) within a business environment, organizations need an incremental resilience strategy to help them reach a stage of security maturity and to pre-empt advanced attacks.