Lessons learned from a ransomware attack and setting up a defensive cyber resilience strategy, execution plan and reporting to board

Wednesday 27 November, 3:50 pm - 4:30 pm

Speakers

Roshan Daluwakgoda

Chief Information Security Officer
Eastern Health

Synopsis

I would like to start sharing my personal experience with a ransomware attack in the emergency services sector. The lesson learned from this incident enabled me to develop and execute a robust cyber resilience strategy.

This ransomware attack was a triple extortion attack that completely jeopardised the ability to use ICT systems and significantly impacted the emergency services' operational capabilities.

The initial cyber recovery of the systems took almost 3 months, and full operational capabilities were restored 6 months after the initial attack.

The lessons learned: important considerations and questions to emphasise when developing a recovery guidelines framework:

  • (a) Identification of Threat Actor Metadata
  • (b) Timeline of Threat Actor Presence (Dwell time)
  • (c) Identification of Connections and Backdoors
  • (d) Sanitisation of recovered systems before moving to the production environment

By addressing these questions and considerations, organisations can develop a comprehensive recovery guidelines framework to effectively respond to ransomware attacks and restore normal operations with minimal disruption.

Cyber Resilience Strategy

Cybersecurity focuses on preventing intrusions, while cyber resilience emphasizes an organization's ability to maintain operations despite incidents.

  • (a) Understand the current state
  • (b) Define the target state
  • (c) Develop a roadmap

Establishing a strategy should prioritize remediating risks and delivering business outcomes. It's important to identify the specific objectives and scenarios you aim to address.

This roadmap guides the incremental uplift of capability maturity while reducing risk levels over time.

How do you get buy-in from the board for the cyber resilience strategy?

Board reporting plays a crucial role in securing executive buy-in, obtaining funding for security uplift programs, and influencing organizational priorities for security risk remediation. To effectively communicate with the board, it's essential to understand their language and motivations.

1. Start with why: Begin by articulating the importance of risk remediation, compliance with regulatory obligations, and enabling the business while optimizing costs through automation.

2. Know Your Board Members: Recognize that many board members in Australia are affiliated with the Australian Institute of Company Directors, which has a defined cybersecurity governance framework emphasizing strategy, resilience, culture, and incident planning.

3. Understand Board Questions: Familiarize yourself with the questions board members typically ask the Chief Information Security Officer (CISO). Addressing these questions in your reporting demonstrates preparedness and understanding.

4. Provide Forward-Thinking KPIs: Present Key Performance Indicators (KPIs) that offer insights into future security posture and performance. Predictable KPIs help the board gauge progress and make informed decisions.

  • (a) Time to Patch Critical Vulnerabilities
  • (b) Incremental Update for Capability Maturity Level
  • (c) Benchmarking Cyber Maturity Level: Industry Sector Maturity
  • (d) Time to Resolution
  • (e) Achievements in Risk Reduction and Return on Investment
  • (f) Cost Optimization through automation and AI
  • (g) Improving Cybersecurity Culture

Acknowledgement of Country

We acknowledge the traditional owners and custodians of country throughout Australia and acknowledge their continuing connection to land, waters and community. We pay our respects to the people, the cultures and the elders past, present and emerging.