This article is a companion piece to a recent Kivu Coffee Break video, which you can watch here.
Over the past few months, Kivu has observed an increase in cyber-physical attacks on small-to-medium-sized businesses (SMBs). A cyber-physical attack is a cyber-attack that impacts the physical infrastructure of an organization. If an SMB is attacked, it may experience significant outages of crucial systems. Knowing how to keep operating, even if only to a limited extent, during these setbacks is a key requisite for minimizing business interruption. That is why having an up-to-date Incident Response (IR) plan is an effective risk management tool, and a great way for SMBs to get ahead of a potential attack.
One problem an SMB may experience in a cyber-physical attack is the loss of communication. Today, companies primarily communicate through phone calls, instant messaging apps and e-mails, which are often interlinked and connected to the same network. If those systems are lost, would employees know what to do? In many cases the answer is probably ‘no’, apart from a few groups of employees who may happen to have each other’s cellphone numbers.
Companies need to develop a plan for this scenario because a cyber-physical attack may result in communications being cut throughout the business. Having a backup channel and clear procedures in place will help employees know what to do – and help the company recover faster.
To get the business back up and running after a cyber-physical attack, employees need to be trained on what to do in different scenarios. Training employees on security awareness is proven to be effective at minimizing the risk of an attack, but they also require information on how to act during an incident, with clear allocations of specific roles and responsibilities. Being prepared for the worst scenario will avoid chaos all around.
An IR plan should ideally be prefaced with an inventory of the assets considered essential to maintaining business operations. SMBs should calculate their annualized loss expectancy (ALE) for an event like a cyber-physical attack. ALE is a quantitative risk formula that begins with assigning a value to an asset. You then determine the exposure factor, the share of that value lost if the event occurs; applying it to the asset value gives the single loss expectancy (SLE). Finally, you multiply the SLE by the rate at which the event is expected to happen per year. ALE requires not only knowledge of your asset values, something that not all companies have readily at hand, but also of how much at risk those assets are from a particular threat. This latter piece of information can be provided by threat intelligence.
Threat intelligence is useful for preparing for, preventing and identifying threats. Many cyber security vendors provide threat intelligence as part of their service offering, Kivu included. There are also independent researchers who offer this service, though it’s important to make sure the information is vetted and curated; otherwise it can quickly become overwhelming. Threat intel should be carefully considered when developing response plans and making business security decisions. For example, a company can use threat intelligence to identify vulnerabilities in its network and then investigate those with penetration testing.
Get in touch if you want to find out more about securing your business against cyber-attacks. Our experts can advise on cyber-physical threats, assist on policy reviews, provide pen-testing and even manage your security services for you.