By Burgess Cooper, Partner – Cyber Security, EY India
It is a Friday evening, everyone has left and you are struggling to finish a report that has to be submitted to the Board first thing, Monday morning. You log on to the internal portal to extract some report and to your surprise the system is down. Your IT Helpdesk too is unaware and not helpful. The Chief Information Security Officer of your company happens to be a close colleague and you make a random call enquiring about the system outage. Boom! You’ve been attacked, cyber-attacked.
In today’s times, cyber security is not just a technology issue. It is a business risk that requires an enterprise-wide response. Rapid technological advancements have turned security on its head and fundamentally transformed the way security was being looked at.
Cyber security, and the importance of senior management and board engagement on the issue, has been generating a lot of discussion lately. The wave of security breaches hitting leading organizations across sectors has made it clear that no organization is immune from this threat.
A new trend has recently emerged — we are not attacked for who we are, but what we can give access to. The challenges faced today have altered expectations, strained resources, and caused a paradigm shift in information security.
Organizations can combat cyber threats by building a robust framework for cyber governance. Boards, managements and CFOs need to not only devote more attention to this ever increasing risk, but also evaluate their corporate readiness for such attacks.
Key takeaways which can be expected from Cyber War Game:
a) You'll never have enough time. Even top executives with years of experience in managing crisis aren't always prepared to handle cyber incidents.
b) Sought help. The CFO and CMO wanted to hire a crisis communications specialist. The CISO wanted invest in new network monitoring and behavioural analytics tools. The CEO ignored the usual procurement requests to acquire whatever they needed in the crisis circumstance.
c) Don't forget about your employees. While everyone is firefighting with external agencies, organizations often forget to communicate about the cyber-attack situation to their own employees.
d) Cyber War Game is not just a one-time activity. People come and go, strategies change, but in the end practice makes perfect.