Why it’s important to have a backup plan for cybersecurity breaches

According to CERT statistics, malware and credential harvesting accounted for about 77% of the 3,977 cybersecurity incidents reported in Aotearoa over the past three months.

Mike “MOD” O’Donnell is a professional director and animator. This column is MOD’s personal opinion but, in the interest of full disclosure, it is noted that MOD is chair of the Cybersecurity Advisory Committee.

OPINION: I was recently considering the benefits of buying a smart fridge online when I received an email alert from Kirsten Patterson, CEO of the New Zealand Institute of Administrators (IOD).

I don’t know Kirsten personally but, like me, she chose a market nickname based on her initials “KP”. So I always felt a certain affinity for her.

But the content of the email was not good. It told me that the IOD had suffered a security breach the day before. Some bad buggers had done some kind of hacking, got their hands on credit card information and might try to use that information to commit fraud.

The memo went on to explain the innards of the breach, that the IOD had suspended all credit card facilities, and that they did not believe that any other personal details had been accessed.

It also clarified that the IOD had been in contact with both the Office of the Privacy Commissioner and the state-run Computer Emergency Response Team (CERT) from MBIE.

This is not the first time that the IOD has been the subject of a cyberattack. In 2019, they were forced to shut down their web presence after a Brazilian hacker defaced their website.

The defacement included messages to “join the revolution” and encouraged visitors to tell the government to fuck off. Not something the IOD would normally advocate…

KP’s message to me – both its speed relative to the time of the attack and its content, which told me succinctly but not too dramatically what had happened – was a useful data point on a few counts.

First, they were pretty quick to let people know.

Second, they were in touch with the officials they should be when the cyber poo hits the fan. CERT to hopefully get some help solving the problem. The Privacy Commissioner to warn them that privacy had potentially been breached and what they were doing about it.

Third, they had taken every possible measure to ensure that the stolen information could not be exploited for nefarious purposes (well, hopefully not).

Taking a step back, the memo showed it was likely that between the time the IOD was hit in 2019 and this attack, they had prepared a cyber incident response plan.

Typically, as part of a broader cybersecurity methodology, an incident response plan is a document that gives the organization step-by-step instructions on how to respond to a serious security incident, such as a security breach, data leak or ransomware attack.


The US National Institute of Standards and Technology (NIST) believes that decent incident response plans have four phases: preparation, detection, eradication, and post-incident activity.

Customer communications – like the one the IOD sent to me – usually fall into the recovery phase, but are also part of post-incident activity.

They are especially important when hacking involves credential harvesting or malware attacks, of which there are many every day.

According to CERT statistics, malware and credential harvesting accounted for about 77% of the 3,977 cybersecurity incidents reported in Aotearoa over the past three months.

Note that these are only reported attacks. If you’re generous and say half of all attacks are reported, that’s 8,000 attacks a quarter in Aotearoa, which equates to nearly 50 a day. But it’s probably more.

So it’s not a question of “if” you will suffer a cybersecurity attack, but of “when”. And no one storing sensitive information is too secure to touch. Just ask any bank (including the Reserve Bank).

Organizations don’t need to reinvent the wheel in this area. The government of the State of Victoria in Australia provides a useful free template for an incident response plan on its website. For small businesses, there are handy templates on GitHub.com.

The advantage of having a cyber incident response plan in place is that while you prepare it, you have the luxury of time and calm. It’s much harder to do this when your website is down, you’re staring down the barrel of a ransom note, and your customer support team is drowning in worried customers.

Even if you have a cyber incident response plan in place, it’s not a bad idea to update it as changes in technology enable new attack vectors. A recent report from technology research gurus Gartner found that the number one risk in 2022 is the expansion of attack surfaces.

That’s just a quick way of saying that, as the internet begins to control everything from your refrigerator to your fleet of vehicles and open source code becomes endemic in cloud-based enterprise infrastructure, there are many more ways to enter your system.

As a result, we’ve seen CIA coke machines, government officials’ baby monitors, and corporate jeeps targeted by hackers. It is only a matter of time before there is a major breach via an Internet of Things (IoT) backdoor.

Speaking of which, I’m giving up on the idea of a smart fridge.
