In a recent destructive phishing attack, a cybercriminal initially hacked the email of an exhibitions firm and then used a spoofed email to trick its client into wiring money to an overseas bank.
This is just one recent example of the many cyber-attacks around the world, and it is certainly not the last. What can organizations big and small do to prevent such attacks?
Email: the deadly gateway
Over 91% of all cyber attacks are triggered by email, according to a recent study. PwC asked 3.5 thousand IT and business leaders worldwide about resilience in order to find out which organizations are prepared to face and recover quickly from a cyber attack, and to and understand their operations.
Organizations deemed to be high “RQ” (resilience quotient) have shifted their approach from a model of disaster recovery followed by business continuity to one of “resilience by design”. The newer approach involved having real-time views of higher-priority processes in order to allow responders and decision makers to react to incidents with a unified front.
To fight cyber attacks, companies must know in advance, before any actual cyber attack, the severity, nature and length of the disruptions that it can endure. The company must plan for the worst, including getting cyber insurance, putting all its security operations and personnel in place, and leaving no area unguarded– especially its email system.
Tabletop tests
The PwC report stresses that organizations must proactively test their level of preparation, including through “tabletop tests” which are simulations in which to rehearse important communications during attacks and to identify gaps and dependencies in several essential processes.