Destructive cyberattacks mow viewed as a top risk to many businessesA new poll from Deloitte, Cyber Recovery: Surviving a Digital Extinction-Level Event, asks a number of pertinent questions about our cyber-security
In an era of technological transformation and cyber everywhere, the attack surface is exponentially growing as cyber criminals attack operational systems and backup capabilities simultaneously in highly sophisticated ways leading to enterprise-wide destructive cyberattacks.
Majority of C-suite and executive poll respondents (64.6%) report that the growing threat of destructive cyberattacks is one of the top cyber risks at their organization. It’s time for senior leadership to modernize risk management programs and solutions to keep pace with the current threats and technologies to incorporate new educational tools, technical solutions and business strategies.
A truly viable cyber resilience program can benefit an organization’s ability to recover, respond and be ready for a destructive cyberattack, where over a quarter of respondents (27.2%) believe a comprehensive approach to cyber resilience would most improve their organizations’ approach address these potential extinction-level events.
Why it matters
The well-publicized impact of the NotPetya attack, for example, spread beyond it’s intended target in seconds, and highlights how cyberattacks can compromise countless devices and spread across global networks in seconds rendering servers and endpoints inoperable. From destructive malware to the growing threat of ransomware, attacks like these can propagate quickly and extensively impact an entire enterprise network.
Even organizations with fundamentally sound risk management programs will need to adapt to emerging and elusive cyber risks and the destructive impacts they present. Improving cyberattack readiness, response, and recovery will require a new approach to many traditional risk domains.
A Deloitte poll asked executives how prepared they are to withstand such an attack:
Why are these attacks so successful?
- Poor access management: A fundamental issue that is pervasive and is often the open door through which a destructive attack will initiate and spread.
- Weak cyber hygiene: Poor cyber hygiene has a direct impact on enterprise security and can be most commonly seen in the form of missing patches, misconfigurations of systems, partially deployed security tools, poor asset discovery and tracking.
- Poor asset management: This can happen when organizations have no knowledge of specific applications, operating systems, or other device information, and the relationship between those applications.
- Flat networks: Flat networks allow an adversary to easily maneuver to any system. Minimal segmentation and zoning allow for lateral movement, expanding the adversary’s reach into the enterprise.
- Aggressive redundancy: Traditional recovery results in aggressive data redundancy for critical systems. When malware is introduced, these costly backup capabilities accelerate the spread across environments.
- Limited business awareness: Leadership may still be operating under the assumption that the time, money and effort put into traditional disaster recovery programs are going to protect them in a destructive malware scenario. They need to be aware of the gaps and refocus efforts on these emerging threats.
“Understanding your organization’s attack surface, and what implications a destructive cyberattack may have are important, but what is critical is to avoid ‘analysis paralysis’ and move quickly on deploying the proper technical solutions, like the cyber recovery vault, educational tools and business strategies. Senior leadership and boards need to get a grasp of what their traditional disaster recovery plan provides, what it does not provide, and how an attack might play out. When boards are made aware of the risk, these capabilities are often prioritized and quickly implemented.”
– Pete Renneker, technical resilience leader in cyber risk services and a managing director at Deloitte & Touche LLP
“Physical and traditional outages are often measured in hours or days. Whereas destructive attacks are often measured in weeks or months, which can be very difficult to recover from. To be successful, you have to have strong agile capabilities and leaders on the ground who can address the risks and interact effectively in the event of a large-scale incident.”
– Kieran Norton, infrastructure security leader in cyber risk services and principal at Deloitte & Touche LLP
Building a comprehensive cyber approach
A viable cyber resiliency program expands the boundaries of traditional risk domains to include new capabilities like employee support services; out-of-band communication and collaboration tools; and a cyber recovery vault.
A cyber recovery vault is isolated on the network to limit lateral movement by a threat actor, secures the environment physically and logically, prevents deletion or destruction of critical data, and can be analyzed to accelerate identification of suspicious activity. Given its design, the data sits in a cryogenically frozen state, meaning malware may enter the vault but will be unable to deliver its payload. This makes it possible to extract and cleanse affected data, recover critical systems, and restore the business as soon as possible.
With more than a quarter of respondents (26.3%) reporting that their organization’s biggest challenge in implementing a cyber recovery vault is budget restrictions, organizations should consider focusing first on deploying a critical materials vault limited to protecting essential services. This accelerates protection against these threats, reduces the initial spend, and enables the organization to analyze additional protection requirements in parallel.
The items that need to go into the cyber recovery vault, how the data is protected, and the core components are outlined below:
About the online poll
On Dec. 4, 2019, a Deloitte Dbriefs webcast, titled “Cyber recovery: Surviving a digital extinction-level event,” polled more than 2,800 C-suite and other executives about cybersecurity and cyber recovery protocol. Answer rates differed by question. About Deloitte
Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 5,000 private and middle market companies. Our people work across the industry sectors that drive and shape today’s marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthy society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Now celebrating 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 312,000 people worldwide make an impact that matters at www.deloitte.com. Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.