Dealing with Cyberattacks | A Survival Guide for C-Levels & IT Leaders | Part 1
While organizational leaders and IT owners keep a watchful eye on emerging threats and trends from the previous year, much of their cybersecurity strategy will need to be founded on how well their businesses can respond to an attack. While the risk of cyberattacks is an undeniable reality, cyber preparedness can significantly differentiate successful businesses from those struggling to manage after a cyber event.
In particular, Chief Information Security Officers will be building plans to ensure a quick and effective return to normal operations in the face of attack. This post covers how to evaluate the business’s current cyber preparedness, how to plan for a cyberattack and what to do after an attack has occurred. It offers guidelines on the key elements CISOs and IT leaders will need to focus on as they bolster their defense strategies in light of the current threat landscape.
The Increasing Threat of Cyberattacks to Dealers
All sectors in the last few years have grappled with the threat of cyberattacks, including dealers, most recently with CDK Global's ransomware attack. Targeting the underprepared has become a lucrative business model for malicious threat groups and opportunistic actors.
Modern adversaries do not discriminate targets by size or sector; consequences from one attack can affect the organization and its vendors and providers. The last 12 months have seen little respite in the wave of ransomware attacks and data breaches even as the Biden-Harris Administration’s Executive Order on Improving the Nation’s Cybersecurity and official Shields Up campaign have raised awareness of the severity of the threats facing businesses.
From an insurance standpoint, the cost to remediate attacks has increased, spiking the price of cyber insurance premiums. Insurance carriers, recognizing the risk from attack, have subsequently adjusted their requirements for security.
In such an environment, it makes sense for businesses to prepare for the possibility of a compromise or cyber-attack. An effective incident response plan that has been openly communicated and tailored to the needs of the business increases the organization’s chances of recovery and rapid return to normal operations.
What Dealer Leadership Should Audit
Diligence is key for C-Suite Leaders of Dealerships. Most importantly, we recommend the audit of your current cybersecurity stance across 3 areas:
- People - Review the internal human elements of your cybersecurity posture, including:
  - Response Team: Is it clear who the incident response team members are? Does the response team include a technical lead, data analysts, a communications/PR advisor, a human resources specialist, etc.?
  - Stakeholders: Are both internal and external stakeholders clearly identified? Are key contacts for third parties, vendors, clients, and providers identified? Are all public-facing members of the Board and C-levels well versed in addressing the media?
  - Roles & Responsibilities: Does everyone in the organization understand their role in the IRP? Have all expectations been explained, trained, and documented?
  - Communication Matrix: Is a communications plan in place and in an easily accessible format/location should networks go down? Does it include central points of contact for each team in the organization?
- Process - Does your firm have stated policies, a continuous improvement plan, and a financial impact analysis to understand the risks associated with cyber-attacks? Has your firm put the right insurance in place to protect itself financially?
  - Policies: Do the incident response policies align with the organization’s overarching policies and compliance requirements? Has senior leadership reviewed, approved, and communicated them to all employees?
  - Continuous Improvement & Lessons Learned: After every practice, drill, or actual incident, are takeaways and feedback documented and stored in an easily accessible platform? Are action items and deficiencies assigned and communicated to directors and managers? Are post-incident reports used for training and onboarding processes?
  - Insurance: Is your firm financially protected in the event of business interruptions, ransomware payments, and other material financial impacts to your operations? CFOs and CIOs need to sit down and hammer out the requirements needed for solid financial protection from cyber incidents.
- Technology - A properly designed cyber technology stack is essential to protect, respond, and mitigate cyber risk. How comprehensive is your cybersecurity technology? And how well does it really fit your firm's overall risk profile and IT environment?
  - A Sophisticated Security Operations Center Is Paramount: How sophisticated is your SOC or SOC partner? In today's complex IT landscape across endpoints, cloud, email, networks, servers, and users, CIOs must understand the limitations of their current SOC.
  - Comprehensive Backups: Beyond the basics, it's important not only to have sophisticated backup programs but also to protect those backups via encryption and redundancies. The question to ask yourself is: in case of an attack, how fast can we restore our business to be operational?
  - Beyond the Log File: Retrospective analysis is good; proactive threat management is even better. While many solutions offer backward-looking analysis via log file collection, that approach falls short in today's complex cyber threat landscape.
This is Part 1 of a monthly series on the business impact of cybersecurity for dealer leadership.