Is Business Ready for an Extinction-level Event?
New York, NY (Jan. 6, 2020) – Key takeaways from the Cyber Recovery: Surviving A Digital Extinction-Level Event poll include:
- In an era of technological transformation and cyber everywhere, the attack surface is growing exponentially as cyber criminals attack operational systems and backup capabilities simultaneously in highly sophisticated ways, leading to enterprise-wide destructive cyberattacks.
- A majority of C-suite and executive poll respondents (64.6%) report that the growing threat of destructive cyberattacks is one of the top cyber risks at their organization.
- It’s time for senior leadership to modernize risk management programs and solutions to keep pace with current threats and technologies, incorporating new educational tools, technical solutions and business strategies.
- A truly viable cyber resilience program can benefit an organization’s ability to recover, respond and be ready for a destructive cyberattack; over a quarter of respondents (27.2%) believe a comprehensive approach to cyber resilience would most improve their organizations’ approach to addressing these potential extinction-level events.
Why this matters
The well-publicized NotPetya attack, for example, spread beyond its intended target in seconds, and highlights how cyberattacks can compromise countless devices and spread across global networks in seconds, rendering servers and endpoints inoperable. From destructive malware to the growing threat of ransomware, attacks like these can propagate quickly and extensively impact an entire enterprise network.
Even organizations with fundamentally sound risk management programs will need to adapt to emerging and elusive cyber risks and the destructive impacts they present. Improving cyberattack readiness, response, and recovery will require a new approach to many traditional risk domains.
A Deloitte poll asked executives how prepared they are to withstand such an attack.
Why are these attacks so successful?
- Poor access management: A fundamental issue that is pervasive and is often the open door through which a destructive attack will initiate and spread.
- Weak cyber hygiene: Poor cyber hygiene has a direct impact on enterprise security and is most commonly seen in the form of missing patches, misconfigurations of systems, partially deployed security tools, and poor asset discovery and tracking.
- Poor asset management: This can happen when organizations have no knowledge of specific applications, operating systems, or other device information, and the relationship between those applications.
- Flat networks: Flat networks allow an adversary to easily maneuver to any system. Minimal segmentation and zoning allow for lateral movement, expanding the adversary’s reach into the enterprise.
- Aggressive redundancy: Traditional recovery results in aggressive data redundancy for critical systems. When malware is introduced, these costly backup capabilities accelerate the spread across environments.
- Limited business awareness: Leadership may still be operating under the assumption that the time, money and effort put into traditional disaster recovery programs are going to protect them in a destructive malware scenario. They need to be aware of the gaps and refocus efforts on these emerging threats.
Understanding your organization’s attack surface, and what implications a destructive cyberattack may have are important, but what is critical is to avoid ‘analysis paralysis’ and move quickly on deploying the proper technical solutions, like the cyber recovery vault, educational tools and business strategies. Senior leadership and boards need to get a grasp of what their traditional disaster recovery plan provides, what it does not provide, and how an attack might play out. When boards are made aware of the risk, these capabilities are often prioritized and quickly implemented.
Pete Renneker, technical resilience leader (cyber risk services) & managing director, Deloitte & Touche LLP
Physical and traditional outages are often measured in hours or days, whereas destructive attacks are often measured in weeks or months, which can be very difficult to recover from. To be successful, you have to have strong agile capabilities and leaders on the ground who can address the risks and interact effectively in the event of a large-scale incident.
Kieran Norton, infrastructure security leader in cyber risk services and principal at Deloitte & Touche LLP
Building a comprehensive cyber approach
A viable cyber resiliency program expands the boundaries of traditional risk domains to include new capabilities like employee support services; out-of-band communication and collaboration tools; and a cyber recovery vault.
A cyber recovery vault is isolated on the network to limit lateral movement by a threat actor, secures the environment physically and logically, prevents deletion or destruction of critical data, and can be analyzed to accelerate identification of suspicious activity. Given its design, the data sits in a cryogenically frozen state, meaning malware may enter the vault but will be unable to deliver its payload. This makes it possible to extract and cleanse affected data, recover critical systems, and restore the business as soon as possible.
With more than a quarter of respondents (26.3%) reporting that their organization’s biggest challenge in implementing a cyber recovery vault is budget restrictions, organizations should consider focusing first on deploying a critical materials vault limited to protecting essential services. This accelerates protection against these threats, reduces the initial spend, and enables the organization to analyze additional protection requirements in parallel.
The items that need to go into the cyber recovery vault, how the data is protected, and the core components are outlined below:
About the online poll
On Dec. 4, 2019, a Deloitte Dbriefs webcast, titled “Cyber recovery: Surviving a digital extinction-level event,” polled more than 2,800 C-suite and other executives about cybersecurity and cyber recovery protocol. Answer rates differed by question.
About the Center
Deloitte Consumer Industry Center (the “Center”) provides a forum for innovation, thought leadership, groundbreaking research, and industry collaboration to help companies solve the most complex industry challenges.
Technology is changing at a rapid pace, and so are consumers. How will these changes impact the way our clients do business in the future? The Center provides premiere insights based on primary research on the most prevalent issues facing the Consumer industry to help our clients run effectively and achieve superior business results.
The Center is your trusted source for information on leading trends and research that connect insights, issues, and solutions for Deloitte’s four consumer sectors: automotive; consumer products; retail, wholesale and distribution; and transportation, hospitality and services.
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today’s marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Now celebrating 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 312,000 people worldwide make an impact that matters at www.deloitte.com.
SOURCE: Deloitte