{"id":182527,"date":"2017-06-29T08:22:10","date_gmt":"2017-06-29T06:22:10","guid":{"rendered":"https:\/\/businesstech.co.za\/news\/?p=182527"},"modified":"2017-06-29T08:22:10","modified_gmt":"2017-06-29T06:22:10","slug":"cyber-attacks-the-only-solution-is-to-plan-for-failure","status":"publish","type":"post","link":"https:\/\/businesstech.co.za\/news\/it-services\/182527\/cyber-attacks-the-only-solution-is-to-plan-for-failure\/","title":{"rendered":"Cyber attacks &#8211; the only solution is to plan for failure"},"content":{"rendered":"<p>Over the past few days, new hacking and ransomware attacks have shaken the world, particularly the UK, USA and Europe.<\/p>\n<p>New examples include the ransomware attack of the UK company and global advertising giant WPP, the hacking of parliamentarians\u2019 e-mail system in the United Kingdom, as well as the most recent ransomware attack that targeted the Ukrainian government and some of the biggest companies in Europe.<\/p>\n<p>Grant Thornton\u2019s director: IT Advisory, Michiel Jonker, believes that companies rely too much on preventative controls.<\/p>\n<p>Businesses and governments need to completely change their thinking in terms of cyber security and start planning their controls around the paradigm of guaranteed failure against attacks.<\/p>\n<p>\u201cA change in thinking will enable companies to focus sufficient attention on the efficacy of detective and corrective controls, and thereby recover much faster, following cyber-attacks,&#8221; Jonker said.<\/p>\n<p>\u201cWe have been conditioned to plan for success in the war against cyber-crime, but we have not been able to prevent all attacks\u201d he said. He believes this is outdated thinking which is not appropriate for the modern interconnected world in which we are operating.<\/p>\n<p>\u201cCompanies are often caught on the back foot when they do get targeted by a cyber-attack. It will take them longer to recover and restore integrity to their systems, as their detective and corrective controls \u2013 those used to find and solve the problem \u2013 will be weaker than the controls relied upon to prevent attacks from happening,\u201d said Jonker.<\/p>\n<p>He urged organisations to shift their focus to improving their detective and corrective controls.<\/p>\n<p>\u201cThis is not an approach that will sit well with many risk managers as nobody likes to plan for failure, but it is unfortunately the new reality.\u201d<\/p>\n<p>In addition to bolstering these controls, he suggests organisations take an unconventional approach to protecting the integrity of critical systems.<\/p>\n<p>\u201cWe have believed for some time that strategic infrastructure assets \u2013 such as nuclear power stations, dams and hospitals \u2013 are increasingly at risk of attack, which would have a devastating impact on potentially millions around the world. And today, we have learnt that the monitoring system of the Chernobyl nuclear plant was one of the targets in the Petya ransomware global attack which occurred earlier this month,\u201d he said.<\/p>\n<p>Jonker believes that the nature and frequency of attacks on strategic assets will increase in severity, and that governments need to plan appropriately.<\/p>\n<p>\u201cThey need to consider disengaging certain elements or systems of critical infrastructure from the grid and operating these \u2018offline\u2019, which should go a long way to securing the integrity of important assets.\u201d<\/p>\n<p>He acknowledges, however, that this complete disengagement is not always realistically possible for many other organisations, as there is often a need for access to some form of online system.<\/p>\n<p>\u201cThere has been some global research into creating closed cyber eco-environments for very sensitive assets or infrastructure in organisations \u2013 for those who don\u2019t want to totally disengage from the grid, for many reasons. These stealth mode systems allow companies to disengage from the grid to a certain extent, by allowing them to operate \u2013 including via e-mail, voice and instant messaging,\u00a0 with a much higher level of security.\u201d<\/p>\n<p>Jonker believes the increasing complexity of cyberspace calls for a drastic change in risk management.<\/p>\n<p>\u201cIt is unrealistic to expect employees to \u2018think like a hacker\u2019, as cyber criminals and their tools have become much more sophisticated over the years. Normal users cannot outsmart criminals. Companies and governments are infinitely more complex than they were in the past, yet our thinking around protecting the integrity of the crucial systems have not evolved to the same degree.\u201d<\/p>\n<p>&#8220;This is just the beginning. The worst is still to come,&#8221; Jonker warned. &#8220;The sooner organisations realise this and plan appropriately, the better prepared they will be against inevitable future cyber-attacks.<\/p>\n<p>&nbsp;<\/p>\n<hr \/>\n<p><strong>Read: <a href=\"https:\/\/businesstech.co.za\/news\/internet\/182315\/petya-ransomware-hits-sa-it-experts-warn-companies-to-be-on-alert\/\" target=\"_blank\" rel=\"noopener\">Petya ransomware hits SA \u2013 IT experts warn companies to be on alert<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Grant Thornton\u2019s director: IT Advisory, Michiel Jonker, says that companies rely too much on preventative controls when it comes to cyber security.<\/p>\n","protected":false},"author":10,"featured_media":78690,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_sma_x_autopost_status":"idle","_sma_x_autopost_error":"","_sma_x_post_id":"","_sma_x_attempts":0,"footnotes":""},"categories":[31],"tags":[25,1869],"class_list":["post-182527","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it-services","tag-active","tag-grant-thornton"],"_links":{"self":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/182527","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/comments?post=182527"}],"version-history":[{"count":1,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/182527\/revisions"}],"predecessor-version":[{"id":182547,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/posts\/182527\/revisions\/182547"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media\/78690"}],"wp:attachment":[{"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/media?parent=182527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/categories?post=182527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/businesstech.co.za\/news\/wp-json\/wp\/v2\/tags?post=182527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}