With the coronavirus pandemic threatening organizations’ resilience around the world, the C-suite and risk managers face unprecedented challenges in managing cyber risk. Keeping your company running in this environment requires approaches outside of “business as usual.” Enterprise-level response and recovery are now critical to protecting your organization and its bottom line.
Cyber attacks are inevitable, but losses are not.
The pandemic poses new challenges for organizations that are forced to rely on remote work and adjusted schedules and practices. These deviations from the status quo present unique cyber security challenges, and unique opportunities for cyber criminals. Attackers are using the pandemic as a lure for social engineering and phishing campaigns aimed at gaining unauthorized access to your company’s networks.
Although a cyber event can strike at any time, with cyber resilience engineered into your business you can minimize the effects of a cyber loss. Cyber resilience is not only about preventing the event, but also about being prepared for the recovery. How quickly an organization responds to and recovers from a cyber attack is the primary driver of the loss’s severity.
Below, FM Global’s Vice President, Manager Cyber Hazards Jeff Tilley and his team outline questions you need to ask to prepare your organization for a cyber event.
Who has a seat at your enterprise risk-management table?
Ensure that the owners of both the business (IT) and operational (OT) networks are present and working together. A vulnerability in one can expose the other, and an attacker who gains a foothold in either will look for a path into the rest.
Have you identified operationally critical systems and ensured they are backed up on a regular basis?
Protecting everything at the same level is neither cost-effective nor manageable. Identify the systems most critical to supporting operations and protect those first. Combining this prioritized protection with strong, regularly tested backups of those systems will let you reduce downtime and the negative impact on operations when an attack occurs.
Have you established recovery objectives for critical systems and tested restoration?
A recovery time objective is the maximum time a critical system can be down before the business is materially harmed. A recovery objective of four hours means you need to have that system restored and operating within four hours of an attack; beyond that point, the business begins to suffer financial loss. Setting the objective is only half the exercise: restoration must actually be tested, end to end, so that the real time to restore is known and measured against the objective. A backup that has never been restored is an assumption, not a capability.
What are the most important data assets in the organization and are they adequately protected?
Not all data is created equal, and it’s important to recognize that as you implement security practices and protection. Ensure that your critical data is backed up with multiple copies and protected from ransomware in proportion to its importance, for example with copies that are kept offline or otherwise cannot be altered or deleted from the production network an attacker has compromised.
Does your organization have up-to-date business continuity, disaster recovery and incident response plans that account for cyber and are approved by leadership?
These plans work together during an incident, and each has a unique yet critical function:
- Business continuity identifies and continues critical business processes during a time of crisis, such as a pandemic, hurricane or cyber event.
- Disaster recovery focuses on having the right technical infrastructure in place to handle an outage, such as redundant systems, data backups and failover capability.
- The incident response plan identifies an incident and contains its impact. To do this effectively, organizations need to take a managed approach and establish roles and responsibilities before the event, not during it.
Does your organization provide security awareness training (phishing exercises, consistent messaging from leadership) to all employees?
Ninety-five percent of cyber losses have a component of human error that makes the attack successful. To prevent a slip-up, employees at all levels need to be well-versed in how to spot a potential cyber attack and understand what is at stake if they do not.
Have you had a third-party assessment of your cyber security program?
Depending on where you are with your cyber program, it might be tough to hear that deficiencies have been identified. But it’s better to find out now, and develop a prioritized plan to close the gaps, than to wait for a cyber attack to show you your vulnerabilities.
FM Global’s three-part Cyber Risk Assessment consistently identifies gaps in policyholders’ environments that, if closed, would reduce the risk arising from a common cyber attack such as ransomware. The assessment highlights the gaps, explains how critical each one is, suggests ways to mitigate it, and shows how to prioritize the work to maximize cyber resilience.
The good news is that by answering these questions and taking the appropriate measures you can prepare your organization to withstand a loss from a cyber event. As part of the insurance relationship, FM Global offers its policyholders resources to help them engineer cyber resilience into their business.