Are you ready for a cyber crisis?

AARNet Cyber Security Workshop 2017

Attackers have most of the advantages. They know whom they will be attacking, when, and how. A persistent attacker causes problems that fall outside of normal incident response procedures. How companies respond can have serious ramifications for business and reputation.

For example, Equifax's response to this year’s hack, dubbed the worst data breach in US history, demonstrates how a rushed or delayed communication response can increase the damage caused by a disruptive crisis, and the currently unfolding story about the 2016 Uber hack cover-up demonstrates the importance of transparency.

To help our community prepare for a cyber crisis, AARNet recently hosted a DDoS (Distributed Denial of Service) based cyber crisis exercise with representatives from 20 of our member institutions. The exercise focused on communications and incident response to a persistent attack. Here, we share the key takeaways from the session:

8 tips to help you prepare your organisation for a cyber crisis

  1. When is an incident a crisis? Ensure that incident responders have a clear idea of when an incident should be escalated to a crisis, and how to do so.
  2. Communications Management. The business of managing and delegating tasks and distributing up-to-date and accurate information in a live incident scenario with multiple teams and stakeholders can be very tricky. In some cases, established tools such as service desks are not accessible by senior personnel, so the ability to create a Crisis Wiki tool can be beneficial.
  3. Offline storage of contacts. Crisis coordinators and responders need the ability to contact other members if the phonebook, active directory or email is compromised or unavailable.
  4. Out of band communication. Have a plan for how your responders will communicate if you believe that your email system may be compromised.
  5. Communicate to staff, students and affiliates. Official communication channels should be used regularly with staff and students. Include social media such as Twitter and Facebook. Lack of regular communication outside of a crisis will cause confusion when you attempt to communicate during one, which could be exploited against you.
  6. Have a spokesperson. Many roles in crisis management will mirror those in incident response; however, a significant emphasis will be placed on external communications.
  7. Know your external contacts. Effective crisis management requires measured external communications. Contacts and relationships should be maintained with external agencies such as:
    • Peer organisations
    • Suppliers and Vendors
    • AARNet (or ISP)
    • AusCERT and CERTAu
    • Federal law enforcement and intelligence (AFP, ASD, CSOC, etc)
    • Insurance providers
    • Media
    • Social Media providers
  8. Know when to go to the media. Media will often pick up the story sooner or later. The first story that is published will dictate public perception of the incident. In a dedicated campaign, an attacker may even contact the media themselves, utilising the media as another attack vector.
    • Your spokesperson should be trained in media engagement
    • Developing template responses to certain event types can save precious time; the fine details can be rapidly adjusted to fit your situation.

AARNet would like to thank Eric Pinkerton, Virginia Calegare and Henry Ward from HIVINT for working with us to develop and run the Cyber Crisis Exercise, and prepare this advice.

Hivint offers a free high-level Incident Response run sheet in their securitycolony.com portal. If you like it and are interested to see what else is available then you can sign up for free here.

