That’s the view of John Ellis, Enterprise Security Director at IT firm Akamai. He said that all businesses should have firm crisis response strategies in place in case a cyber attack takes place.
“I see a lot of people who don’t focus on when things go wrong,” said Ellis. “At some point, things will go bad. A database will get popped, we’ll have a data breach of some description, a denial of service attack. How do you detect it? How do you respond to it? How do you engage with media? How do you recover, and how do you know what you need to recover? Those simple questions are difficult for people to answer, but it changes the mindset.
“We frontload a lot of effort onto protecting things, but when a breach occurs we look round and ask ‘what do we do now?’ There’s no worse time to work out your response strategy than when you’re in the middle of responding to it.”
Ellis highlighted that one of the biggest threats to the insurance industry is cyber criminals attempting to ‘pop’ customer databases to sell personal information. Personal data can sell for between $2 and $40 per record on the black market, depending on the completeness of the record and the information contained.
He added that many firms are ‘shooting in the dark’ in terms of what they are defending against, and emphasised that while companies should focus on protecting client information, they should also carefully consider whether their activities are actually improving data security.
“Antivirus researchers agree that 54-58% of malware is undetectable by antivirus software. It’s getting more and more difficult to detect those viruses. If you’re spending an inordinate amount of money on endpoint security and still losing that battle, you’ve got to ask the question: ‘Am I spending my money and my time in the right areas’ or could it be better spent elsewhere?”
Too few organisations have plans in place for how they should respond following a cyber attack – especially dangerous as the likelihood of suffering one is close to inevitable.