Ransomware. Malware. Phishing. For years, enterprises have been warned about a marauding army of online threats, leading to the vast majority of corporate boards acknowledging cybersecurity as a critical business risk. When you examine the numbers, the preoccupation with cybersecurity moving beyond IT departments and onto the corporate agenda makes perfect sense.
With ransomware attacks happening every 11 seconds, and cybercrime globally costing businesses a reported $6trn in 2021, the reputational and financial costs of any breach can be vast. Unfortunately, even if companies clearly understand the importance of robust cybersecurity in theory, actually instituting the measures needed to fight breaches is far from straightforward.
How, for instance, can they ensure that each department knows exactly what to do in a crisis? How can they develop seamless communication across enterprises? How should they react as threat actors adapt?
None of these questions necessarily have easy answers – but employing automation to improve collaboration is a good place to start.
Is negotiating with Cyber terrorists our ‘new normal’?By Cutover
Chief information security officer Craig Gregory understands the challenges of modern cybersecurity as well as anyone. A 20-year veteran in the tech space, he co-founded Cutover, which provides a “Collaborative Automation” platform to major enterprises, back in 2014. Gregory emphasises that, in addition to attacks now being more likely, “increasing velocity and new advanced attack vectors are proving a massive strain on unsuspecting and ill-prepared organisations”.
For one thing, Gregory stresses regulatory pressures, which have increased in response to growing threats. For example, recent GDPR, DORA, and MAS guidelines mean that breaches can result in fines stretching into the tens or even hundreds of millions of dollars. From there, Gregory continues, there’s the ingenuity of attackers themselves to contend with.
“Hackers are typically always a couple of steps ahead,” he acknowledges, adding that corporations large and small are often “on the backfoot trying to second guess what’s going to happen next. The focus has moved from a state of response readiness, to having high quality, consistent recovery plans in place to cater for when, not if, the next attack will happen; by ‘assuming breach’, we can respond and recover more effectively.”
Naturally, businesses are far from oblivious to these difficulties. Deloitte has found that Financial services companies, for their part, reportedly spend more than $2,000 per employee on cybersecurity, with other major corporations similarly compelled to invest. But as Gregory says, it can sometimes be hard for even the biggest players to adapt fast enough.
Just being aware of emerging threats isn’t sufficient, either – whether from a regulatory or reputational standpoint. On the contrary, Gregory explains that without implementing rigorous cybersecurity standards like ISO/IEC 27001 or SOC 2 Type 2, regulators are unlikely to look on a hacking victim with sympathy.
Nor are firms likely to emerge from a breach with their good name intact if they’re unable to show cybersecurity integrated across their business. If network security was once purely the responsibility of dedicated IT teams, dealing with breaches now requires communications, marketing and legal teams to play their parts too.
With so many challenges, it’s unsurprising that companies are increasingly adopting technology solutions such as automated runbooks to orchestrate their cyber responses. When combined with Collaborative Automation, runbooks become more than a detailed set of checklists and instructions which teams can work through to ensure their cyber protocols are up to scratch, they become executable plans that provide visibility and communication capabilities in the midst of a crisis.
A runbook traditionally provides a detailed, step-by-step guide for completing complex tasks and operations, offering standardised processes across the entire organisation and granting easy access to the information team members require to fulfil their specific roles and responsibilities. Automation runbooks like Cutover’s integrate with an organisation’s tech stack to orchestrate complicated workflows and procedures, such as resilience activities, automating tasks that can otherwise be manually intensive.
One example Gregory offers for how to make use of automated cybersecurity runbooks is insurance, where runbooks can be used to mandate an enterprise’s information security to regularly update its cyber liability. From there, a communications team could be tasked with planning marketing communications in the event of an attack, with a specific deadline to meet.
Runbooks are similarly useful for when an attack actually happens – whether it comes to plugging a breach or informing affected customers. At any rate, this comprehensive approach presents a number of benefits.
Perhaps most obvious is that thinking ahead makes a successful incursion less likely. “Once we start to map good battle-tested standards and processes to runbook templates, we benefit from an evolved recovery strategy based on continuous simulations and testing; providing value to us and ultimately anyone who wants to introduce mature recovery processes,” the CISO explains.
More broadly, Gregory is keen to highlight how crucial runbooks are from a reputational perspective. Providing stakeholders with a “single source of truth” – once a Cutover runbook is finished, the resulting report can easily be shared – they give companies indisputable evidence that they pulled every security stop available. That’s bound to win favour with clients and regulators alike, especially when, like at Cutover, the runbook is shaped around a globally recognised incident handling standard, such as NIST Special Publication 800-61.
More broadly, it would be wrong to imagine that, once staff have absorbed their place in a runbook battle plan, they can simply keep practising. Rather, their very flexibility makes runbooks perfect for combatting the most inventive of hackers – just as well given that, according to AV-Test Institute, some 560,000 new pieces of malware are detected every day.
To explain how important this is, Gregory offers another hypothetical. By tightening up protocols and working collaboratively – Cutover permits seamless integration with Slack and other messaging apps – Gregory suggests that a runbook which once took 50 tasks and five days to complete can be slashed to 12 tasks and just a few hours.
It goes without saying that speed is essential to recovering fast and avoiding adverse effects from an attack, and the flexibility of runbooks allows organisations to determine the path that best suits them. “It’s not one size fits all,” Gregory explains. “Once we start to map good standards, good battle-tested processes to runbook templates, there’s probably something there for you as well.”
With all this at his back, moreover, it’s hardly surprising that Gregory is so excited about the future of cyber runbooks. Partnering human expertise with a healthy layer of technical wizardry, he argues that automated runbooks can not only aid post-breach recovery, but also “reduce risks” across a business. The hacking flood is far from over, but Collaborative Automation could yet begin to turn the tide.