Are you ready for a cyber crisis?

AARNet Cyber Security Workshop 2017

Attackers have most of the advantages. They know whom they will be attacking, when, and how. A persistent attacker causes problems that fall outside of normal incident response procedures. How companies respond can have serious ramifications for business and reputation.

For example, the response by Equifax to this year’s hack, dubbed the worst data breach in US history, demonstrates how a rushed or delayed communication response can increase the damage of a disruptive crisis, and the currently unfolding story about the 2016 Uber hack cover-up demonstrates the importance of transparency.

To help our community prepare for a cyber crisis, AARNet recently hosted a DDoS (Distributed Denial of Service) based cyber crisis exercise with representatives from 20 of our member institutions. The exercise focused on communications and incident response to a persistent attack. Here, we share the key takeaways from the session:

8 tips to help you prepare your organisation for a cyber crisis

  1. When is an incident a crisis? Ensure that incident responders have a clear idea of when an incident should be escalated to a crisis, and how to do so.
  2. Communications Management. The business of managing and delegating tasks and distributing up-to-date and accurate information in a live incident scenario with multiple teams and stakeholders can be very tricky. In some cases, established tools such as service desks are not accessible by senior personnel, so the ability to create a Crisis Wiki tool can be beneficial.
  3. Offline storage of contacts. Crisis coordinators and responders need the ability to contact other members if the phonebook, active directory or email is compromised or unavailable.
  4. Out of band communication. Have a plan for how your responders will communicate if you believe that your email system may be compromised.
  5. Communicate to staff, students and affiliates. Official communication channels should be used regularly with staff and students. Include social media such as Twitter and Facebook. Lack of regular communication outside of a crisis will cause confusion when you attempt to communicate during one, which could be exploited against you.
  6. Have a spokesperson. Many roles in crisis management will mirror those in incident response; however, a significant emphasis will be placed on external communications.
  7. Know your external contacts. Effective crisis management requires measured external communications. Contacts and relationships should be maintained with external agencies such as:
    • Peer organisations
    • Suppliers and Vendors
    • AARNet (or ISP)
    • AusCERT and CERTAu
    • Federal law enforcement and intelligence (AFP, ASD, CSOC, etc)
    • Insurance providers
    • Media
    • Social Media providers
  8. Know when to go to the media. Media will often pick up the story sooner or later. The first story that is published will dictate public perception of the incident. In a dedicated campaign, an attacker may even contact the media themselves, utilising the media as another attack vector.
    • Your spokesperson should be trained in media engagement.
    • Developing template responses to certain event types can save precious time; the fine details can then be rapidly adjusted to fit your situation.

AARNet would like to thank Eric Pinkerton, Virginia Calegare and Henry Ward from HIVINT for working with us to develop and run the Cyber Crisis Exercise, and prepare this advice.

Hivint offers a free high-level Incident Response run sheet in their securitycolony.com portal. If you like it and are interested in seeing what else is available, you can sign up for free here.
