You’re Protected, But You Can’t Get Into The Washroom?

Your company has taken the time to create a comprehensive Incident Response Plan (IRP), and the team is confident their ability to detect and respond to evolving cyber threats. This weekend, the team is going to head into the office and do a run through to ensure there are no flaws in the IRP. The mock response team is working well together, and decide to take a break.  It is only then that one of the team members realizes the bathroom is locked and they can’t get in.  That will make for a long 8-10 hours of testing without any access to the washrooms.

Note to the team: Include custodial contacts in your IRP. 

This is a true story, and a great reminder to not only build an effective IRP but to also test out your plan, do it in the most inconvenient way possible and identify where the gaps lie. Does the custodial team REALLY need to be included on the Incident Response Plan, or does a secondary asset need to be created to serve as a step by step guide to outline every step of not only the IRP but the operational steps as well. Let’s break down what this may look like.

It’s best to find out things like “you can’t use the washroom” during a drill as opposed to the real crisis day. 

An incident response plan is a set of instructions to help IT and executive staff detect, respond to, and recover from network security incidents. These types of plans address issues like cybercrime, data loss, and service outages that threaten productivity. A sufficient incident response plan offers a course of action for all significant incidents. Some incidents lead to massive network or data breaches that can impact your organization for days or even months. When a significant disruption occurs, your organization needs a thorough, detailed incident response plan to help IT staff stop, contain, and control the incident quickly.

Don’t forget the Playbook.

On the other hand, a playbook is also a valuable asset to have during a crisis. An incident response playbook empowers teams with standard procedures and steps for responding and resolving incidents in real time. A playbook is a more step by step guide encompassing all aspects of the business when under duress. Its target audience is generally for the system admin when they are amidst an incident, they are under stress and pressure, and they can’t contact people easily. It outlines step by step what the person should do. This step by step guide is very specific, and the general audience is much smaller.

An IRP serves as your fire escape plan, and the playbook serves as step by step guide to escaping the fire safely. And one thing to remember, if you are storing your IRP on a digital database, ensure there is an accessible hard copy somewhere to ensure the process can still be accessed.

Ensure you have operations represented in your plan. We know that for IT, it is important to prioritize security and confidentiality, but from an operations perspective the priorities are performance and safety. Is OPS represented in your IRP? You can ensure ops is protected by first completing an asset inventory checklist, and then creating an effective IRP for operations by accessing our interactive worksheet, and finally be sure to add it to your organizations IRP.

Wondering if your business needs an IRP? Let us leave you with this: If your network hasn’t been threatened yet, it will be. If it has, then you know the chaos that can follow a cyber attack. Whether a threat is virtual (security breaches) or physical (power outages or natural disasters), losing data or functionality can be crippling. An incident response plan and playbook can help you mitigate risk and prepare for a range of events.

NIST Cyber Defense Strategy

A cyber-attack is an existential threat to your organization. It’s no longer a question of “if” any given company or organization is going to be hit with a cyber-attack — it’s when.

Every company—large, small, in healthcare, technology, manufacturing, and more—has a cyber risk. And almost every day now, we learn about yet another cyber security incident. Be it ransomware, phishing emails, malware, or user data breach, companies are finding themselves the target of a cyber-attack all too often.  Cybersecurity and privacy are urgent concerns for every organization, keeping sensitive data private, intellectual property proprietary, and critical business systems up and running can seem nearly impossible in the face of relentless and ever-sophisticated attacks and breach attempts.

That’s why the National Institute of Standards and Technology (NIST) developed the Cybersecurity Framework (CSF). NIST’s goal was to establish a common set of standards, goals, and language to increase information security and better remediation of the fallout after a cyberattack. It enables organizations of all sizes to discuss, address, and manage cybersecurity risk.  And without reinventing the cyber wheel, it references existing best practices through its Core functions.

Identify

The Identify Function assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities. Understanding the business context, the resources that support critical functions, and the related cybersecurity risks enables an organization to focus and prioritize its efforts, consistent with its risk management strategy and business needs.

Examples of outcome Categories within this Function include:

• Identifying physical and software assets within the organization to establish the basis of an Asset Management program
• Identifying cybersecurity policies established within the organization to define the Governance program as well as identifying legal and regulatory requirements regarding the cybersecurity capabilities of the organization
• Identifying asset vulnerabilities, threats to internal and external organizational resources which can be done via dark web scan
• Identifying a Risk Management Strategy for the organization including establishing risk tolerances
• Identifying a Supply Chain Risk Management strategy including priorities, constraints, risk tolerances, and assumptions used to support risk decisions associated with managing supply chain risks

Protect

The Protect Function outlines appropriate safeguards to ensure delivery of critical infrastructure services. The Protect Function supports the ability to limit or contain the impact of a potential cybersecurity event.

Examples of outcome Categories within this Function include:

• Empowering staff within the organization through awareness and training and developing a cyber aware culture
• Establishing data security protection consistent with the organization’s risk strategy to protect the confidentiality, integrity, and availability of information
• Implementing information protection processes and procedures to maintain and manage the protections of information systems and assets
• Protecting organizational resources through maintenance, including remote maintenance, activities
• Managing protective technology to ensure the security and resilience of systems and assets are consistent with organizational policies, procedures, and agreement

Detect

The Detect Function defines the appropriate activities to identify the occurrence of a cybersecurity event. The detect function enables timely discovery of cybersecurity events.

Examples of outcome Categories within this Function include:

• Ensuring anomalies and events are detected, and their potential impact is understood
• Implementing security continuous monitoring capabilities to monitor cybersecurity events and verify the effectiveness of protective measures including network and physical activities
• Maintaining Detection Processes to provide awareness of anomalous events

Respond

The Respond Function includes appropriate activities to take action regarding a detected cybersecurity incident. The Respond Function supports the ability to contain the impact of a potential cybersecurity incident.

Examples of outcome Categories within this Function include:

• Ensuring Incident Response Planning processes are executed during and after an incident
• Managing Communications during and after an event with stakeholders, law enforcement, external stakeholders as appropriate
• Analysis is conducted to ensure effective response and support recovery activities including forensic analysis, and determining the impact of incidents
• Mitigation activities are performed to prevent expansion of an event and to resolve the incident
• The organization implements Improvements by incorporating lessons learned from current and previous detection / response activities

Recover

The Recover Function identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. The Recover Function supports timely recovery to normal operations to reduce the impact from a cybersecurity incident.

Examples of outcome Categories within this Function include:

• Ensuring the organization implements Recovery Planning processes and procedures to restore systems and/or assets affected by cybersecurity incidents
• Implementing Improvements based on lessons learned and reviews of existing strategies
• Internal and external communications are coordinated during and following the recovery from a cybersecurity incident

Curious if NIST is the right security framework for your business? Take our cybersecurity framework assessment.

Even with the NIST Cybersecurity Framework, many organizations still need more help. Critical tasks like risk assessment, gap analysis, action planning and constantly changing security solutions are left to IT teams. At Next Dimension, we can help you fight evolving cyber threats with best-in-class security solutions and take the stress off your teams. Our managed services provide your business with end-to-end security monitoring, threat detection, and incident response. Let us take care of your security while you focus on your business.

Fighting Back Against Ransomware

Ransomware attacks happen. It’s not a matter of if, but when.

As long as cybercriminals believe your data has value, they’ll continue to exploit vulnerabilities and find innovative ways to encrypt critical data. We need to protect ourselves, our businesses, our revenue, our reputation – and most importantly we need to protect our data. Ransomware is malicious software (malware) used in a cyberattack to encrypt the victim’s data with an encryption key that is known only to the attacker, thereby rendering the data unusable until a ransom payment is made by the victim. With that being said, in order to understand ransomware protection, we first need to understand data protection.

The first step to ensure data protection is simply by testing to identify any vulnerabilities within your systems and applications. Every day, hackers work to steal valuable information to sell on the dark web. This can include usernames, email addresses and passwords, which can make it easy for these cyber criminals to access your network and applications. Unfortunately, It is very likely that your corporate data has already found its way onto the dark web. Somewhere along the line, users at your organization A dark web scan is a great place to start for that, a dark web scan can track whether there has been mention of your business passwords, username, and other connected business/personal information. And the benefit of completing a dark web scan is that the results can help you and your organization strengthen your security posture.

It is clear that data gets on to the dark web in a number of ways, but as we mentioned in our last blog, 95% of all breaches begin with some form of human error.

It is clear that data gets on to the dark web in a number of ways, but as we mentioned in our last blog, 95% of all breaches begin with some form of human error, which brings us to the importance of training staff on cybersecurity practices. Employees need a framework to understand what policies are, how to detect and report concerns, and how to confidently react when a breach occurs. They want to “do the right thing”, they just need to be taught! Security must be a top priority in the organization’s culture; otherwise, staff are likely to circumvent security policies and safeguards in support of productivity. You can access our Creating a Cyber Aware Culture Ebook to learn more. Creating a cyber aware culture will only help to reinforce the importance of stringent cybersecurity policies, and will help to keep important data secure.

Losing any amount of data can be devastating, which is why backing up data is critical. Backing up your data is one of the safest ways to ensure that you’re being proactive about your data’s security. This way, if disaster strikes, you know your information still exists elsewhere. There are plenty of reasons why you should backup your data and take extra measures like storing it in more than one place. If you’re backing up business data, sit down with your team to determine what needs to be stored and how often the backups should occur. Data backup is a better safe than sorry situation.

These are only three of the many ways to fight ransomware with data protection, but they are all great ways to assess your cybersecurity posture among the dark web, your staff and within your data storage. There is an entire framework built around defending against these types of cyber-attacks that enables organizations of all sizes to discuss, address, and manage cybersecurity risk, so be sure to come back for our next blog where we take the NIST cybersecurity framework turn it on its head and share how our team of experts propose starting with the framework.

Combating the Rise of Ransomware

The rise of Ransomware.  It’s one of the fastest-growing cyber threats, according to research from Cybersecurity Ventures, a new organization fell victim to ransomware every 11 seconds in 2021.  It continues to be an extremely lucrative business, and as long as there is money to be made and accessible data to be stolen ransomware is not going anywhere, anytime soon.

Ransomware continues to be everyone’s problem – from governments to corporations and even individuals. The pandemic has further increased opportunities for cyber attackers as employees access company resources from myriad devices/networks not managed by the corporate IT team. And once they’ve found their way into your business and encrypted your data and files, ransomware criminals will demand substantial sums of money to restore them.

Data is the lifeblood of every organization. Being locked out of your own files for even just a day will have impacts to your business operations. But given that ransomware takes most victims offline for at least a week, or sometimes months, the losses can be significant. Systems go offline for so long not just because ransomware locks the system, but because of all the effort required to clean up and restore the networks. And it is not just the immediate financial hit of ransomware that will damage a business; consumers become wary of giving their data to organizations they believe to be insecure.

Businesses and organizations of all sizes, across all industries are at risk for these attacks. In a recent webinar with Danny Pehar of Forbes Magazine, he shared with us the following “Cyber Target Equation”: Sensitive Information + Limited Budget + Limited Resources = A perfect target.

Danny also shared 95% of all breaches begin with some form of human error or lax security procedures, this truly drives home the importance of creating a cyber aware culture. Despite the ongoing rise of ransomware, thorough prevention procedures, data protection and the proper security trainings there is still hope to remain security. Since ransomware has become so multi-faceted, so too must our protections. Ransomware penetrates organizations in multiple ways, so fighting it requires a multi-front strategy. No single technology or best practice alone can prevent it. We must think of ransomware defense as an ongoing, layered process.

In this blog series we will continue to share expert feedback, best practices and procedures to help combat the rise of ransomware. Be sure to check out the sure to check back regularly for new posts. In the meantime,  you can check out our latest Webinar: Combating the Rise of Ransomware with Next Dimension, Danny Pehar & Forbes Magazine.

Making Organizational Processes Safer

Next Dimension curates the most practical and useful tools and strategic IT insights from the web.  This week we shared articles across our social media focused on making organizational processes safer.

145,000+ users affected by IT blunder at KPMG.  Microsoft confirms Teams chat data is not recoverable.

The personal chat histories of 145,000 Microsoft Teams users at KPMG were inadvertently and permanently deleted this month, due to an IT blunder.  “In the execution of a change, a human error was made and a policy was applied to the entire KPMG Teams deployment instead of the specific account,” said the internal memo.  “This error resulted in the deletion of chat history from end-users throughout KPMG.”

The IT group is also said to be working with Microsoft “to improve policy design and behaviour in Microsoft Teams” – and – “To automate service execution and remove human intervention in policy management”.

SOURCE: THE REGISTER

Covid-19 has caused businesses to ask, “How do we leverage technology to make processes safer?  Can we maximize the utilization of resources in ways we never have before?”

Supply, demand, and availability are under stress in many industries.  One rural hospital harnessed Cisco technology to innovate quickly, support more patients, and protect its greatest assets—the healthcare workers on the front lines.  Learn more about their transformation by clicking on the case study below.

Cisco Case Study: Sky Lakes Medical Center

Follow us on Facebook or Twitter and never miss an update.  Prefer a weekly recap? Join our Community (on the right) and be notified when our Industry Wrap is published each week.

Looking for more great resources? Visit our Learning Academy.