Hackers grabbed gigabytes of data from JP Morgan and other US banks recently. Hackers are slipping in through phishing emails and other means; the tools are so efficient and cheap that hackers can afford to attack anyone and everyone around the clock. Every organisation with an Internet connection is a potential victim. Even the smallest businesses now have to worry about network security and protection. Cyber-attacks have become inevitable.

Cyber security involves protecting the IT infrastructure by preventing, detecting and responding to cyber incidents. The cyber incidents include viruses erasing entire systems, intruders breaking into systems and altering files, using your computer or device to attack others or stealing confidential information. The spectrum of cyber-risks is limitless.

Hence, organisations have to prepare for the inevitable attack. This is no longer an “if” but a “when and how bad”. So, organisations have to be ready to respond and minimise the impact of any cyber-incident. As a first step, the business and technology teams have to manage their vulnerabilities and understand the risk profile of the organisation. The threat landscape is diverse and growing. Organisations should zero in on the probability and impact of specific threats, focusing its energy and attention to develop a way to minimise the impact of those threats or reduce them to an acceptable level by building tools and implementing technology to protect that level of risk.

Next, the business should engage in a conversation around incident response, business continuity and disaster recovery, which assumes that a threat will materialise and develop a cyber-incident response plan. The response plan identifies cyber-attack scenarios, appropriate responses and includes basic components such as response team members, reporting, initial response, investigation, recovery and follow-up processes, and public relations plans and law enforcement notification. The idea is to have a prescribed plan to recover from an incident and conduct business as usual.

The response team shall be responsible for developing the written-cyber incident response plan. They will also investigate and respond to cyber-attacks in accordance with the plan. The cyber-incident response plan identifies and classifies cyber-attack scenarios, determines the tools and technology to be used to detect and prevent attacks, secures the organisation’s computer network and sets up a checklist for handling initial investigations of cyber-attacks.

The cyber-incident response plan must also address procedures to take on discovery and reporting of cyber-attack incidents, including designating response team members to monitor industry practices to ensure that the organisation’s information systems are appropriately updated, and that the organisation installs the latest software security patches to allow for early discovery of attacks. It must also make provisions to continuously monitor the organisation’s computer logs to discover any incidents, set up a database to track all reported incidents and create a risk rating to classify all reported incidents as low, medium or high risk, so as to facilitate an appropriate response.

If a potential attack is reported, the designated response team member should conduct a preliminary investigation to determine whether a cyber-attack has occurred. If a cyber-attack has occurred, the response team should follow the investigation checklist set out in the cyber-incident response plan to conduct the initial investigation. The initial response varies depending on the type of attack and level of seriousness. However, the response team should aim to stop the cyber intrusions from spreading further into the organisation’s computer systems and document the investigation.

Following the initial response assessment, the organisation may decide to undertake a formal internal investigation depending on the level of intrusion and its impact on critical business functions. An internal investigation allows the organisation to gain a fuller understanding of the computer intrusion, increase its chances of identifying the attacker, detect previously unknown security vulnerabilities and identify required improvements to computer systems. If the organisation’s response team or IT department lacks the capacity or expertise to conduct an internal investigation, the organisation may retain a legal counsel and a cyber security consultant.

Ultimately, companies that prepare for cyber security attacks have a better chance of avoiding business disruption. Those companies that are unprepared are more likely to fail at the response, take more time and experience more disruption.

(The writer is a Governance, Risk and Compliance professional and Director at Layers-7
Seguro Consultoria (Pvt) Ltd. He can be emailed at
sujit@layers-7.com).

New land restriction laws for foreigners jolt Lankan companies

Treasury bails out crisis-hit development lottery

Unthinkable: ODEL without Otara: Otara without ODEL

Calamander to bring in another F&B franchise by 1Q next year

Touchwood investors, creditors to meet liquidator on Oct 3

Poverty free Sri Lanka by 2015 – is it a dream or a reality?

Black money politics and finance companies

HNB finances Softlogic’s strategic investment in ODEL

Worldchefs to select most sustainable restaurant in the world in 2015

Study tour for SL farmers on intensive vegetable production and marketing in Israel

SL- Seychelles to enter trade pact, access to African continent

Sri Lanka Army to produce its own steel needs

Buying other finance companies in CB plan

Better managing companies through proper direction from the boardroom

Senkadagala Finance acquires Newest Capital Ltd for Rs. 300 mln

‘LankaClear’ records 8.2% growth in 2013/14

Top labour migration expert to deliver Prof. H.A. de S. Gunasekera Memorial Oration

JAT Holdings helps drought-stricken areas with water storage tanks

NGOs finally meet Gotabaya to discuss conflicts and ways of resolving issues

Ceylon Chamber publishes a book on ‘apparel sector’

DEG provides $15 million for CLC’s SME Portfolio Development

Strong Chinese business presence at Facets, Sri Lanka’s annual gem and jewellery exhibition

Shipping agencies generate US$300 mln in forex earnings

Top Sri Lankan hotel groups vie for honours at Maldives travel awards

Central Bank appoints four new Assistant Governors

OpenArc to partner local banks to go abroad

Sri Lanka’s ExcelSoft signs on for first ERP implementation in India

New committee at SLASSCOM

WSO2 Hackathon to foster open source cloud development

International probe to locate defaulting BOI investors who fled Sri Lanka

SLEA Journal 2014 – journal to launch on Sept 16

Banker boards Taj hotels’ management team

Convertainers debuts ‘Social!’ at CONSTRUCT 2014

Ceylon Tea under pressure in Russia, Ukraine markets

DFCC Vardhana Bank official bank for Non-Immigrant US Visas

Lankan business leaders discuss biodiversity concerns through Ceylon Chamber initiative

Negombo plays host to HSBC Colombo Fashion Week Resort Show 2014

Kurunegala Plantations bags gold award at Agribusiness Awards

Culprits at large in India’s billion-dollar black money

Indrajit, new CEO at Union Bank

Unrealised profits from EPF’s share portfolio pass Rs.10 bln mark, Central Bank says

Trade unions call for political action to protect EPF