
Six actions to improve your organisation’s cyber resilience


Australia’s cyber threat landscape has never been more contested or unstable. In response to client concerns following the recent wave of high-profile breaches, CyberCX has prepared this baseline checklist of six actions that every organisation should take to address the key issues arising from these incidents as we understand them.

Six Actions Checklist

 


Stress test your incident response plans

Embed internal and external threat monitoring

Conduct a personal information audit

Understand your exposure to the internet

Review your cyber security risk profile

Elevate your cyber hygiene training and education


1. Stress test your incident response plans

Collate and review your Cyber Security Incident Response Plan, your Incident Response Playbooks and your other crisis management documents – including your cyber crisis communication plans.

Your organisation should consider stress testing your existing documents with a Cyber Incident Response Exercise involving all parties in your cyber ecosystem, incorporating learnings from real-world incidents, and preparing both your technical and executive leaders for the practical considerations at the centre of a cyber incident.

 

2. Embed internal and external threat monitoring

The most effective cyber security environments perform continuous monitoring to detect and respond to cyber threats.

Internal monitoring should include logs from critical systems and applications (especially those holding the most sensitive data), activity on servers and user computers, and network ingress points such as VPNs and internet-facing applications. External monitoring should include dark web monitoring for references to the organisation on underground channels and regular collection.

All detections should be responded to quickly and thoroughly by properly trained specialists.

 

3. Conduct a personal information audit

Review what personal information your organisation is storing, where it is saved, how long it is retained, how it is accessed, and by whom.

What personal information is stored

Ensure that your organisation is aware of exactly what personal information is being stored in your systems.

Location, location, location

Personal information is frequently held across multiple systems with varying levels of security.

Most organisations would be surprised at the amount of information stored in development and testing environments, and in email systems and share drives – the “low hanging fruit” locations from which attackers most frequently steal confidential data.

How long personal information is retained

A foundation of best-practice privacy, and an Australian legal requirement, is that personal information must be permanently deidentified or destroyed when it is no longer needed for business or compliance purposes.

Your organisation should review what data is currently retained and consider limiting what is stored to meet your business and legal obligations.

Understand access 

Ensure that your organisation has clear protocols for who (or which programs) may access what personal information, and under what circumstances. You should understand how this access is monitored, and how unauthorised access would be detected.

 

4. Understand your exposure to the internet

Manage your attack surface by understanding which of your organisation’s applications and systems are exposed to the internet.

As you develop or integrate new systems, ensure that they adhere to secure coding guidelines, with a documented security profile. Once deployed, your organisation should regularly validate the security of these interfaces with both automated tools and penetration testing.

 

5. Review your cyber security risk profile

Your organisation should work across your executive and technical leaders to identify your cyber risks and address each one specifically, to ensure that they have been mitigated – and where this is not possible, that residual risk positions are accepted by the organisation.

 

6. Elevate your cyber hygiene training and education

Training and testing staff to ensure that cyber security remains an organisation-wide priority is critical to avoiding gaps in your cyber defence and to increasing the likelihood that attacks are detected and disrupted. This could take the form of phishing simulations, escape rooms, online training modules or face-to-face training.

 


Organisations must be vigilant

Those who action these six steps in the coming weeks and months will be working from a stronger, more secure foundation as the cyber threat environment continues to evolve.
