Page 106 - Cyber Defense eMagazine October 2023
People: The Drivers of Cybersecurity
In 2017, Maersk fell victim to the devastating NotPetya ransomware, bringing its operations to a grinding
halt. The company's IT professionals emerged as unsung heroes during this crisis. Acting swiftly, they
isolated compromised systems to halt the malware's spread, and in an extraordinary effort, rebuilt the
entire IT infrastructure—from reinstalling thousands of servers and PCs to restoring crucial applications—
in a mere ten days. Their rapid response, combined with transparent communication and collaboration
with external cybersecurity experts, enabled Maersk to recover from a situation that could have otherwise
spelled disaster. The team's tenacity and strategic foresight not only restored operations but fortified
Maersk's digital defenses for the future.
Moreover, the human aspect isn't limited to the IT department. A comprehensive cybersecurity approach
necessitates an organization-wide culture of awareness. Gartner’s assertion that over 90% of data
breaches result from human error underscores this. It's not just about having cybersecurity experts on
board; it's about ensuring every individual in the organization understands their role in maintaining cyber
hygiene. The parallel in F1? While the driver is the face of the race, it's the collective effort of the entire
team, from engineers to analysts, that determines success. In the cyber world, every employee, from the
CEO to the intern, plays a pivotal role in defense.
Process: The Pit Stop Strategy
Processes are the backbone of any effective cybersecurity framework, acting as
the glue that holds all facets of defense together. A potent illustration of this concept can be found in the
2013 breach of Target. While the breach itself was significant—compromising the personal data of
millions of customers—it was the nuances of how it played out that spotlighted the importance of
processes.
The attackers initially gained access through a third-party HVAC vendor's network, demonstrating the
need for rigorous processes when it comes to third-party access controls and vendor management. Even
as the breach unfolded, Target's security tools detected the intrusion. However, the lack of an efficient
response process meant that these alerts went unheeded. This oversight accentuates how critical
processes are: advanced detection systems are useless if there's no structured protocol to act upon the
alarms they raise.
The aftermath of the breach revealed gaps in Target's incident response plan. The public relations fallout,
delayed notifications to affected customers, and the subsequent erosion of trust signaled the necessity
of having a well-thought-out communication strategy, encompassing both internal stakeholders and the
public. This strategy should kick into gear the moment an anomaly is detected.
Drawing parallels with F1, it’s akin to a car's sensors identifying an issue while the pit team, lacking a
protocol, fails to act swiftly, costing the driver valuable time—or worse, the race. An effective
cybersecurity strategy is more than just alarms and detections; it’s about orchestrating identification,
response and communication. In the relentless pace of the digital age, a process failure can mean the
difference between a manageable incident and a full-scale catastrophe.