Cyber attacks – the only solution is to plan for failure
Over the past few days, new hacking and ransomware attacks have shaken the world, particularly the UK, USA and Europe.
New examples include the ransomware attack of the UK company and global advertising giant WPP, the hacking of parliamentarians’ e-mail system in the United Kingdom, as well as the most recent ransomware attack that targeted the Ukrainian government and some of the biggest companies in Europe.
Grant Thornton’s director: IT Advisory, Michiel Jonker, believes that companies rely too much on preventative controls.
Businesses and governments need to completely change their thinking in terms of cyber security and start planning their controls around the paradigm of guaranteed failure against attacks.
“A change in thinking will enable companies to focus sufficient attention on the efficacy of detective and corrective controls, and thereby recover much faster, following cyber-attacks,” Jonker said.
“We have been conditioned to plan for success in the war against cyber-crime, but we have not been able to prevent all attacks” he said. He believes this is outdated thinking which is not appropriate for the modern interconnected world in which we are operating.
“Companies are often caught on the back foot when they do get targeted by a cyber-attack. It will take them longer to recover and restore integrity to their systems, as their detective and corrective controls – those used to find and solve the problem – will be weaker than the controls relied upon to prevent attacks from happening,” said Jonker.
He urged organisations to shift their focus to improving their detective and corrective controls.
“This is not an approach that will sit well with many risk managers as nobody likes to plan for failure, but it is unfortunately the new reality.”
In addition to bolstering these controls, he suggests organisations take an unconventional approach to protecting the integrity of critical systems.
“We have believed for some time that strategic infrastructure assets – such as nuclear power stations, dams and hospitals – are increasingly at risk of attack, which would have a devastating impact on potentially millions around the world. And today, we have learnt that the monitoring system of the Chernobyl nuclear plant was one of the targets in the Petya ransomware global attack which occurred earlier this month,” he said.
Jonker believes that the nature and frequency of attacks on strategic assets will increase in severity, and that governments need to plan appropriately.
“They need to consider disengaging certain elements or systems of critical infrastructure from the grid and operating these ‘offline’, which should go a long way to securing the integrity of important assets.”
He acknowledges, however, that this complete disengagement is not always realistically possible for many other organisations, as there is often a need for access to some form of online system.
“There has been some global research into creating closed cyber eco-environments for very sensitive assets or infrastructure in organisations – for those who don’t want to totally disengage from the grid, for many reasons. These stealth mode systems allow companies to disengage from the grid to a certain extent, by allowing them to operate – including via e-mail, voice and instant messaging, with a much higher level of security.”
Jonker believes the increasing complexity of cyberspace calls for a drastic change in risk management.
“It is unrealistic to expect employees to ‘think like a hacker’, as cyber criminals and their tools have become much more sophisticated over the years. Normal users cannot outsmart criminals. Companies and governments are infinitely more complex than they were in the past, yet our thinking around protecting the integrity of the crucial systems have not evolved to the same degree.”
“This is just the beginning. The worst is still to come,” Jonker warned. “The sooner organisations realise this and plan appropriately, the better prepared they will be against inevitable future cyber-attacks.
Read: Petya ransomware hits SA – IT experts warn companies to be on alert