Part of the way forward should include the sharing of information and learnings that allow other organisations to address any uncovered vulnerabilities. But as Alex Stamos from the Krebs Stamos Group said, we’re missing the critical function of a central entity that collects and shares learnings from cyberattacks in the same way the National Transportation Safety Board investigates aeronautical incidents. Although organisations targeted by threat actors should not be blamed, their collaboration and transparency are critical to help others learn from their experience, especially considering the fast-evolving nature of cyber threats.
Organisations often focus predominantly on preventing an attack rather than looking across the risk spectrum, including recovery and restoration, noted Tom Reagan, Marsh’s Cyber Practice leader for the US and Canada. “If you want to move beyond prevention and start looking at resilience, you have to more actively and dynamically prepare to respond when something goes wrong.”
Considering the inevitability of breaches, Mr. Stamos said organisations should build “bend-but-not-break” defences that focus on catching attackers early and being able to respond quickly.
Part of the response following a cyberattack is to tap into the specialised expertise that is often provided within a cyber program, making it critical for organisations to immediately contact their broker or insurer. The increase in cyber events is contributing to higher insurance pricing and a greater focus on controls implemented by organisations to improve cyber resilience.