Our cyber team share their insights, asking questions and providing answers during Cyber Security Awareness Month.

Blog 1: Cyber Incident Preparedness – Is your response capability 'good enough'?

Malicious cyber incidents continue to grab headlines. Cyber-attacks are nothing new, and whilst threat actors will continue to develop their tactics and techniques for delivery and intrusion, the reality is that most organisations are now well versed in detecting, responding to, and recovering from attacks against their business via cyberspace. Or are they?

Why are incidents still having such significant impacts? Why are organisations, many of which are in possession of multi-million pound or dollar cyber security strategies and an abundance of resources, still scrambling to protect themselves from cyber-attacks when we've had years to refine our craft? At this point you are encouraged to consider just how well your organisation is placed to swiftly and effectively respond to and recover from a cyber incident. Do you have confidence in your plans and processes?

Is your business 'good enough'? Are you outstanding, true leaders amongst your peer group or sector? A CEO or Board of Directors might not want to hear that your approach to cyber incident management is 'good enough'; they may expect you to be one of those industry-leading and shining examples of best practice, up there amongst the very best. This expectation is a natural but perhaps misguided one; to achieve a perceived 'gold standard' costs money, a lot of money, and needs an extensive number of resources to build and maintain it – but is that what YOUR business needs? Would that approach be considered overkill and a potential waste of money? The key here is context and proportionality – a 'good enough' strategy that is built around the scale and context of your business operations, and one that is proportionate to the cyber threats and risks you face. These must be the drivers of your approach to cyber incident response.

Achieving 100% Cyber Security

Like the Unicorn, 100% cyber security does not and will never exist – sorry for the misleading headline. Absolutely, we are getting better at defending ourselves, and technology solutions entering the market are supporting organisational defensive cyber efforts – but hackers are still getting through and will continue to do so. Like the 'good guys,' they are developing new and innovative ways of exploiting vulnerabilities in technologies and in people. The latter in particular is an operating system that is known to have vulnerabilities; we aren't machines and we do make mistakes. You are likely to have heard that the human is the weakest link in cyber security, but what human likes to be told they're a weak link? I certainly don't. I don't believe that the human is the weakest link; actually, humans are simply being just that – human. We get tired, we do not follow rules or policies, we sometimes lack focus or training, and we most certainly do have our interest piqued by the offer of free 'stuff.'

Assume breach

Going hand-in-hand with the commentary above is a philosophy referred to as 'assume breach.' This approach is, I believe, an excellent one as it places a focus on your response and recovery actions and supports you in placing equal importance on your reactive controls and processes as well as those that form part of your preventative strategy. Clearly preventative controls are incredibly important and will work to defend your business against many common cyber threat types, but should we place all our effort and prayers on trying to prevent the incident from occurring in the first place? That's a difficult question to answer; however, by assuming that your systems and networks will, at some point, be breached (a truly motivated and technically capable threat actor WILL get into your operating environment), you can take steps to limit impacts and ensure business continuity is maintained – the much trodden 'not if, but when' line most certainly applies.

Building Cyber Incident response around your people

Technology very rarely fails on its own. It usually fails because we're (the human, again) not using it properly, whether that be due to malicious (e.g., deliberately circumventing operating procedures) or non-malicious (e.g., misconfiguration) reasons. The same can be said for cyber incident response. The technology has a critical role to play, but it is the human who is central to the efficacy and responsiveness of your plans and processes. It is the human who will be making decisions, enacting those critical response actions, and communicating with affected parties, and so your plans must be built around the human, your people. Plans need to be clear, concise, and repeatable. In our next release we will go into further detail regarding the strategy itself: what you need to know and, importantly, what you can do to establish a 'good enough' cyber incident response plan.

Blog 2: Enhancing Cyber Resilience - Incident response & preparedness

Our recent Global Directors and Officers (D&O) Cyber Risk Survey spotlighted the continued board-level concerns around threats in the digital realm. Cyber-attacks, data loss, and cyber extortion maintained their dominance as the top three concerns globally for directors and officers. The survey, conducted across various industries, highlighted critical facets of cyber risk management, with a particular focus on cyber incident response and preparedness.

The survey underscored the increased focus on preparedness and response in dealing with cyber incidents. Notably, three-quarters of respondents reported conducting cyber tabletop exercises within the past year. However, only slightly over half of them expressed confidence in their organisation's ability to effectively manage a cyber incident.

With the increasing frequency and sophistication of cyber-attacks, businesses must adopt a holistic approach to cyber risk management. Establishing a well-defined and rigorously tested incident response plan is not an option; it's a necessity.

How can we assist you?

Our Incident Preparedness & Response (IP&R) offering encompasses a tailored suite of services designed to evaluate your organisation's capacity to detect, manage, and respond to a cyber security incident. Moreover, it aims to curtail financial losses and protect your reputation in the event of a breach.

We can support your organisation by creating a truly bespoke service package, which may include the following activities:

  • Incident Simulation and Response Workshops: Practical exercises to refine your team's response skills.
  • Assessment of Detection and Monitoring Capabilities: A thorough evaluation of your ability to identify and track potential threats.
  • Incident Response Policy and Strategy Review/Development: Analysis and assessment of your current response and recovery processes as well as crafting or enhancing the blueprint for your incident response efforts.
  • Business Continuity and Disaster Recovery Planning: Ensuring you can maintain operations in the face of a cyber crisis.

What's the next step?

For more information and to initiate a conversation about bolstering your organisation's cyber resilience, please don't hesitate to reach out.

Your proactive stance today can safeguard your business tomorrow.

Blog 3: Elevating Cyber Resilience - Cyber risk governance

Our recent Global Directors and Officers (D&O) Cyber Risk Survey underscored the continued prominence of cyber threats—cyber-attacks, data loss, and cyber extortion—ranking as the foremost concerns for directors and officers. This extensive survey canvassed diverse businesses, across various sectors, to glean insights into their approach to cyber risk management, with a special focus on cyber risk governance.

Notably, the survey reveals a shifting landscape where the sponsorship and oversight of cyber risk management increasingly gravitates towards the board, CEOs, and senior leadership levels.

In light of the escalating frequency and sophistication of cyber-attacks, it is imperative for businesses to cultivate a comprehensive approach to cyber risk governance. This entails a rigorous examination of key cyber risks and the development of a robust cyber risk governance framework.

How can we assist you?

Introducing the WTW Cyber Controls & Insurability Assessment (CCIA), a purpose-built solution crafted to address two pivotal objectives:

  1. Evaluation of Current Cyber Security Controls: We gauge your existing cyber security measures against a concise and standardised assessment framework. Our recommendations facilitate risk mitigation and improvement, bolstering your defences.
  2. Analysis of Cyber Insurability Position: Gain insights into your cyber insurability status. Understand the potential risks and exposure points, enabling informed decision-making.

The CCIA empowers decision-makers to identify, assess, and mitigate organisational cyber risks and exposures effectively.

What's the next step?

To explore how the WTW CCIA can enhance your cyber resilience and governance, please reach out.

Elevate your cyber defence strategy to safeguard your organisation's future.

Blog 4: Cyber Incident detection and response: A proactive guide for your business

As we observe Cybersecurity Awareness Month, it is a timely reminder for businesses to reevaluate their cybersecurity posture. Acknowledging the inevitability of cyber threats, this article delves deep into the core of best practices within the cybersecurity journey. It aims to address challenges and unveil the strength of proactive measures, from swift detection to effective response.

Tackling widespread cybersecurity worries

Like most businesses, we share common concerns around the financial impact of cyberattacks, data breaches, and ransomware incidents, but it's crucial to also recognise that these threats encompass more than just financial risks. They can also inflict damage on reputations and disrupt day-to-day operations. To effectively safeguard your business, the first step is to understand the unique threats it faces.

Our Cyber Controls Checklist is a valuable tool designed to assist businesses of all sizes. It serves as a guide to help identify vulnerabilities and evaluate cybersecurity controls. In tandem, our Cyber Controls & Insurability Assessment (CCIA) can complement the Checklist, offering an independent view of your control maturity and actionable recommendations to enhance your cybersecurity posture.

Building resilience against cyber threats necessitates not only robust defences but also a clear course of action when incidents arise. Here are some key steps to elevate your organisation's cybersecurity posture:

  • Email & Web Security: Employ solutions which check emails and prevent attacks originating from the internet. These solutions help to prevent and protect against such threats as phishing or ransomware attacks.
  • Monitoring & Logging: Implement a Security Information and Event Management (SIEM) solution to gain real-time visibility of your digital environment. This empowers you to detect anomalies and threats promptly.
  • Incident Response Plan: Develop and regularly update an incident response plan. This plan should delineate your team's actions in response to a cyber incident, including resource allocation and collaboration with third parties.
  • Data Backup & Recovery: Employ encrypted, air-gapped backup solutions to ensure the safety of critical data. These solutions enable swift recovery in the event of ransomware attacks or data loss.
  • Vendor Security Assessments: Remember that your cybersecurity extends beyond your organisation to your third-party vendors. Our services include vendor security assessments to ensure that your partners meet your security standards.

Detecting and responding to incidents: Real-world scenarios

To truly understand the importance of detecting and responding to cybersecurity incidents, let's look at a few real-world scenarios that many organisations can relate to:

Scenario 1: The phishing email

Imagine you receive an email that appears to be from a trusted vendor, asking you to click a link to update your account information. Unbeknownst to you, it's a well-crafted phishing email. You click the link and provide your login credentials. At this point, these credentials have been compromised and are a risk to your organisation. Without adequate monitoring and detection systems, you might not realise this breach until it's too late.

Response: In this scenario, having an email security solution in place may have prevented the phishing email from reaching its destination by detecting and then quarantining it. Paired with an appropriate monitoring & logging solution (or SIEM), any use of the breached credentials to access your network can be detected, alerted on, and responded to accordingly.

Scenario 2: Ransomware attack

Picture a typical workday when your employees start receiving strange pop-up messages on their screens. Your organisation has fallen victim to a ransomware attack: your critical files are encrypted and systems are left inaccessible until a hefty ransom is paid. Without a solid incident response plan and proper backup solutions, you face potential data loss, delays in recovery, and a significant financial setback.

Response: With a well-prepared incident response plan and regular secure data backup strategies, your organisation would be better equipped to isolate the affected systems, contain and eradicate the ransomware, then restore data from backups and avoid paying any ransom. This scenario highlights the importance of backups and of having a clear plan of action in case of an incident.

Scenario 3: Unauthorised access

A supplier informs you that they have been subjected to a cyber-attack and that login credentials may have been compromised. There has been no immediate impact on your organisation; however, a few weeks later, unauthorised access and attempts to exfiltrate data from your network are discovered. It is later discovered that the cyberattack was due to a poor security posture adopted by the supplier.

Response: This event affected not only the supplier but also your organisation, requiring action such as changing user credentials and investigating to confirm that your network has not been infiltrated. By undertaking robust vendor due diligence, the risk that the supplier presented could have been mitigated and additional controls applied to their access. Additionally, by employing a monitoring / data loss prevention solution, the exfiltration of data may have been detected sooner rather than later.

These scenarios underscore the vital role of monitoring, logging, and incident response plans in mitigating the impact of cyber incidents. In each case, a proactive approach guided by the Cyber Controls Checklist could have saved time and resources, and potentially prevented the event.

Are you prepared to respond effectively?

Don't just hope for the best when it comes to your cybersecurity.

Is your organisation ready to take control of its cybersecurity future? We're here to guide you through every step of your cyber risk management journey. Reach out to us for tailored solutions that match your business needs and risk profile.
