The vital role of threat intelligence in today’s cyber defences
News from the frontline of BT’s cyber defence team: why the human firewall and exploring the known unknowns are essential to your cyber security.
New working arrangements and resource limitations have introduced significant complexity to a domain that demands quick turnarounds.
A combination of reactive roll-out of infrastructure to accommodate remote working and a rise in opportunistic threat actors seeking to take advantage of the situation means that the threat landscape - now more than ever - requires organisations to make sure they’re ready to respond in the timescales required by regulators and customers.
We recommend that you take a look at the following areas:
Both the BT and PwC Cyber Security teams have seen a marked rise in the number of criminal cyber campaigns seeking to exploit the situation. We’ve spotted highly targeted phishing lures being deployed - often citing government advice or imitating the targeted company, apparently issuing guidance on how to connect to remote working infrastructure. Organisations should remain on heightened alert for motivated attackers and be conscious of the fact that while the threat has increased, the resources available to detect and mitigate it have decreased.
Although you may be able to handle short-term absences of key response stakeholders, few companies are equipped to deal with the long-term absences that the Coronavirus situation may cause. Of unique concern is the potential for entire geographical teams to be impacted, as seen in recent outbreaks reported at sites across the country. Organisations should consider what backup or burst response capability could be introduced and weigh up an incident response retainer service with a third party.
Incident response teams that had previously been highly mobile - for example, servicing multiple sites - may now be unable to travel and fulfil their duties. Differences in regional administrations across the UK may also introduce discrepancies in how support can be offered - for example, travel limitations in Wales precluded travel at the same level as was possible in England. Specialist forensic equipment may also need to be distributed across the team, introducing bottlenecks if these team members fall ill. The situation could also lead to variability of skills across teams. Increased delegation of responsibility and provision of additional hardware may be necessary to increase redundancy. Similarly, it increases the need to understand how to access the relevant data remotely or locally, and whether or not there’s a requirement for full legal forensic evidence collection.
With remote working set to continue for many teams for the foreseeable future, previously effective working patterns such as commandeering incident “war rooms” and establishing collaborative working spaces may no longer be viable. New response infrastructure should be established and also trialled pre-incident, with care taken to consider whether it fits with individuals’ homeworking needs. Crisis exercises should also be considered; these can vary in complexity, with paper-based desktop exercises and simulations both being effective.
Please get in touch to discuss any of the measures to enable effective remote working or take a more detailed look at our advisory services.