Rumors of War: Protecting Yourself from State-Sponsored Cyberattacks

Recent news from the Middle East highlights the growing threat of state-sponsored cyberattacks, adding to the dangers posed already by independent hackers.

In today’s post, we’ll look at how business continuity management can help and what steps your organization should take to protect itself against this kind of attack.

CYBER THREATS IN THE NEWS

Did you see any of the recent news articles saying that Iran might retaliate against the U.S. for the airstrike that killed their top general by launching cyberattacks against sectors of the U.S. economy?

If you haven’t heard about state-sponsored cyberattacks, here are a few to help you get up to speed:

• Iranian Cyberattacks Are Coming, Security Experts Warn, Barron’s, Jan. 6, 2020
• Should Banks Expect Cyberattacks from Iran?, American Banker, Jan. 7, 2020
• The risk of an Iran cyberattack is up after missile strike on Iraqi military bases with US troops, USA Today, Jan. 8, 2020
• Iran’s Military Response May Be ‘Concluded’ but Cyberwarfare Threat Grows, New York Times, Jan. 8, 2010

The threat of cyber attacks is nothing new.

Even the threat of cyber attacks by foreign governments is nothing new. Remember when North Korea hacked Sony Pictures out of anger at Sony’s producing a comedy movie making fun of their national leader?

However, the recent tensions with Iran have brought the possibility of a foreign country’s launching large-scale cyberattacks against American businesses to top of mind.

The consensus is that the risk of such attacks is real and growing, whether it’s Iran, North Korea, or some other country doing the attacking.

The truly scary thing, as far as I’m concerned, is that many organizations continue to have their heads in the sand when it comes to this type of threat.

Do your duties include ensuring your organization can recover quickly if it is hit with disruption by a state-sponsored cyberattack? If so, the only responsible attitude you can take toward cyber attacks is to assume it is a matter of when not if one will strike your company.

HOW BCM CAN HELP

One of the best things you can do to make sure your company will be resilient when a potential state-sponsored cyberattacks come is by beefing up your business continuity management (BCM) program.

Each of the five pillars of BCM—the BIA, the threat and risk assessment, crisis management, business continuity, and IT/disaster recovery—help prepare and protect the organization against cyber attacks.

Here’s how each of those five areas can help you get through such an attack:

• The business impact analysis (BIA) helps you identify which of your business units, processes, and systems are the most critical to the organization and thus needs to have the greatest level of protection.
• The threat and risk assessment (TRA) helps you understand the threat landscape you face in terms of cyber attacks as well as their potential impacts and your current level of mitigation.  
• The crisis/incident management aspect of your program ensures you will have a plan and team in place to deal with a cyberattack, and that the plan has been tested and the team trained.
• The business continuity part of your program is about creating plans and training staff to deal with the loss of critical business processes. This includes creating and testing workarounds for key processes that the organization can turn to if the standard processes are made unavailable due to technology outages.
• The IT/disaster recovery (IT/DR) part of BCM is about creating recovery plans and strategies for use in the event of an attack on the organization’s critical computer systems and applications.

These five areas all work together.

By strengthening them, you will not only be beefing up your BCM program, but you will also be increasing your organization’s ability to withstand and recover from a cyberattack, whether it is launched by a hacker from down the block or a foreign country across the sea.

HOW YOUR ORGANIZATION CAN PROTECT ITSELF FROM STATE-SPONSORED CYBER ATTACKS

People sometimes ask me what they should do first as they set about trying to get their house in order in terms of being prepared for a cyber attack.

In my view, tackling the main steps in this order makes the most sense:

1. Conduct a TRA so you have a grasp of the threats facing your organization, the likely impact of an attack, and your current level of mitigation.
2. Create a crisis management team so you have an organized group of trained, mentally prepared people in place to respond if and when something happens.
3. Conduct a BIA so you understand what your most critical business processes are and thus know what’s more important for you to protect.
4. Devise an IT/DR plan so you have the capability of restoring and recovering your critical computer systems.
5. Have the business units devise viable workarounds for their most critical processes (e.g., processing and shipping orders, customer service, paying suppliers) so they can quickly restore operations in the event of technology disruptions.

Foreign countries are known to have the ability to attack the computer systems of domestic organizations as a way of striking at the country overall. Experts suggest it is only a matter of time until they do so.

This means that the threat of state-sponsored cyberattacks, already high, will grow higher and more serious as the decade of the 2020s unfolds. The best time to start preparing and protecting your organization against such attacks is now.