
5 Cyber Security Questions Business Owners Should Ask Their IT Department: Part 2

This is Part 2 of our post to help business owners understand which cyber security questions should be the basis of a readiness discussion with their IT team. If you have any concerns or doubts, please give us a call. We offer an in-depth Network Security Assessment that will improve your risk and vulnerability visibility, and a Managed Detection and Response service that will protect your network with continuous packet-level analysis and proactive threat hunting.

Here are questions 6 through 10. Be sure to visit Part 1 or download the PDF below to see all 10 questions.

6. If you suspected an intrusion in our network, how would the process work to remediate and who would make the decisions on what we should do?

All 50 states have breach notification requirements, some with as little as 72 hours before significant penalties kick in. However, few businesses have an adequate plan in place to identify a system security breach and know what to do next. The IT department will rush to fix the problem, possibly destroying important evidence pointing to the identity of the culprits and likely not finding the root source of the problem. Who will you call for help? Jumping the gun can be costly too if experts determine there was no incursion. A football team wouldn’t walk onto the field without a playbook, yet the folks who are managing your livelihood may be acting without a plan.

7. If an attack resulted in an outage, how long would it take to be fully functional with the affected systems?

If ransomware from an accidentally clicked phishing email were to encrypt the hard drives of your key systems and you were unable to process orders for days or weeks, how much would that cost you? It cost FedEx and its European affiliate, TNT Express, $300 million and resulted in a damaged reputation and lost business. The CEO said the attack “posed significant operational challenges.”

What “operational challenges” are you willing to accept?

8. How do we stay current on the cyber risks we face in our industry and the marketplace?

In 2005, researchers estimated that a new virus was created every 12 minutes. In 2015, they estimated that 4 pieces of malware were created every second. Experts believe antivirus software, although necessary, is typically still only 40% to 60% effective. With sophisticated nation-states, foreign intelligence services, organized crime syndicates, foreign universities and others actively pursuing American businesses, access to up-to-date information and cybersecurity expertise in identifying the tactics, techniques, and procedures (TTPs) of these adversaries is key to being successful. Most businesses try to do it on their own and often fail as a result.

9. Do we have cyber insurance to cover us if something were to happen? What would it cover? What would it not cover?

Cyber insurance is an important tool to transfer some of your cyber risk to a third party, but it doesn’t cover everything, and it may cover nothing. Policies and coverage vary from carrier to carrier. There are few standards, and the case law on how policies are interpreted is still evolving. A detailed analysis of the amount and types of coverage that you maintain, and how they work in conjunction with your other insurance policies, is critical. Additionally, look to see who manages an “incident” if one is declared. It may not be you, even though it’s your business.

10. How do we know that the money we are spending is being used most effectively to secure the organization?

Businesses have rushed to improve their security by purchasing expensive technology and software, expecting that “it” will protect them from these adversaries. While these tools may have a role, their effectiveness may wane quickly as new attacks arise while costs continue to mount. A periodic, thoughtful discussion with your IT management team and knowledgeable outside experts, covering topics such as current risks, the evolving threat environment, your current security posture, current capabilities (technology and people), future business requirements and the effectiveness of your security program, will help you better prioritize needs and make more effective decisions.

Next Steps

What level of risk are you willing to accept? Sit down with your IT team and discuss these key questions to determine your comfort level today and into the future. If you would like a second opinion on your security posture, be sure to engage a knowledgeable team of cybersecurity experts to help identify and fill the gaps in your strategy and operations.

Be sure to read Part 1 for the first 5 questions:
10 Cyber Security Questions Business Owners Should Ask Their IT Department (Part 1)