Responding to a Cybersecurity Incident (and trying to prevent one)

However, it will come as a surprise to some to read that Varonis (NASDAQ listed data security firm headquartered in New York) is reporting that 46% of major cyberattacks reported in the year to date were suffered by organisations with fewer than 1000 people. On top of that, mid-year reporting from combined Deloitte teams in the US and Europe shows that a major cyberattack today costs, on average, US$1.85 million, and that two in three firms they surveyed had suffered a breach of some description in the previous twelve months. 

So, let’s put those numbers together – the cost of cybercrime is growing at about 50 times inflation, one in two attacks is suffered by a medium or smaller business; and whatever your size, it’s more likely you’ll suffer an attack than not – and when those attacks are suffered, they’re costing the victim organisations the price of a five-bedroom house in Papamoa.  

New Zealand businesses are not immune from the threats, and there is a danger in some of the beliefs that do exist on these shores: the feeling that our remote geography, relatively low GDP and small population may allow us to go unscathed is sadly not backed by any fact. You only have to spend 60 seconds on the CERTNZ website to know that what’s happening everywhere else is also happening here. A ‘fingers crossed’ strategy is not a strategy at all, and taking a cavalier approach to cybersecurity could be an irreversible mistake. 

If you’re being proactive, securing your devices, securing and backing up your data, training your teams and testing your processes, you’re several orders of magnitude less vulnerable than those organisations who aren’t, and you’re positioning yourself to avoid most breaches. However, there is no such thing as a sure thing, and part of security planning is planning for the worst – so consider how you’d respond in the event of a breach. Here’s some pointers to help: 

1. Work with your IT partner or internal IT team to identify and contain the breach. If you have neither, or you’re not sure if your team have a plan for responding, prioritise getting support in place today. 
2. Contact your cyber insurer. You want to make sure you can claim if you need to, and you want to be guided by your insurer as to how much further work they may like for you to do. They may also wish to involve their own team, or to take another approach, so communicate with them early.  
3. Communicate internally and externally. Your team may already be aware of what’s happening, but it’s vital you keep them abreast of the situation with the key details. Also communicate with your customers. You may wish to gather more facts or let the dust settle, but you’ll need to inform anyone of a breach which may have caused them harm, and they’ll want to know what happened and how you’re dealing with it 
4. Report the incident to CERTNZ, who may be able to offer further support 

As you begin the restore and recovery process, you can take comfort from knowing that the more robust your systems were beforehand, the easier and less expensive the process will be to get them back up and running.