Michael J. Sher, founder of Groupdolists, discusses what CIOs and CISOs have learned from managing recent cyber attacks
CIOs and CISOs have had to adapt to rising levels of cyber attacks.
Enterprises around the world are deluged by a flood of unprecedented cyber security threats – up 600% in 2020. As a result, the roles of both chief information officers (CIOs) and chief information security officers (CISOs) are expanding and changing.
One significant change they are experiencing as a direct result of the cyber attack onslaught is their increased need to collaborate and coordinate their response. As David Mahon, CISO of Deloitte Global, writes, “…a data breach is not just a cyber security issue – it’s a corporate crisis issue and should be treated as such.”
Though CIOs and CISOs operate from different viewpoints, they share overlapping goals. They may have different teams, different places on an org chart. They may even have different bosses. Yet, come a cyber attack, CIOs and CISOs must operate in lockstep to manage a response successfully and avert an even bigger crisis.
Adding to their challenges, few of their organizations are equipped with purpose-built technology that helps manage effective and efficient responses to cyberattacks and ensure cyber resiliency.
Groupdolists is an advanced response platform that empowers incident management command, control, and collaboration between CIOs and CISOs, and others.
The platform delivers a full spectrum of communications functions that the CIO and CISO use to coordinate not just with each other, but upstream and down with other critical response team members.
What CIOs, CISOs and their organisations are up against, and what tools they may need to react faster and perform better in response to an attack, are issues that have gained even more scrutiny recently due to the SolarWinds hack, the largest and most sophisticated cyber attack to date.
SolarWinds is the IT software company through which hackers opened up a secret back door and gained access to some 18,000 governmental and private-sector companies. The breach eluded sophisticated cyber security operations and some of the best detection tools available today. As of now, nine US federal agencies and approximately 100 private-sector companies are known to have been compromised.
The SolarWinds attack and other very recent high-profile breaches, notably the Microsoft Exchange Server hack that victimised some 30,000 US organisations, brought to light many shortcomings in CIO/CISO incident response:
Cacophony of Communications. As many organisations responded to the SolarWinds hack, problems quickly multiplied. CIOs and CISOs both found themselves having to respond via numerous, simultaneous (and often duplicative) forms of communication — emails, chats, conference calls, texts, Slack, Teams, and so on — challenging them to spend too many precious minutes (if not hours) discerning what had occurred and when. This cacophony of inefficiencies made it even more challenging to track and report on mitigation and remediation progress.
No Network. Many CIOs and CISOs reported that response actions became nearly impossible to execute effectively because their networks were shut down while potential damage was assessed. Somehow, they still had to coordinate within the C-suite, internal and external crisis response teams, their own cyber security team, the broader IT infrastructure, and critical vendors. All this while overseeing vitally important communications to internal and external stakeholders.
Privileged Info. Unprotected. As they fought against the attack, CIOs and CISOs were additionally burdened with scrupulously separating their technical response operations from any privileged dialogue they may have had with the General Counsel, the C-suite, other entities such as Investor Relations, or external parties such as vendors. Such discussions would have been in relation to highly sensitive issues such as what to disclose to customers, when to disclose it, legal disclosure requirements, and so forth.
Documentation Distress. Already overextended while taking actions in response to the attack, CIOs and CISOs were hard pressed to maintain accurate chronological documentation and auditing records, which nonetheless had to be completed (and researched) in order to fulfill retention and audit requirements, make insurance claims and file reports with regulators.
CIOs and CISOs were drowning in the SolarWinds storm. They did not just need to keep their heads above the turbulent water, they needed to navigate in it more efficiently, lead and coordinate with the other responding teams.
In short, they needed Groupdolists. And now they need it more than ever because the threats are getting worse, more frequent and the risk level higher.
Groupdolists’ highly intuitive incident response platform enables CIOs and CISOs to take virtual command and control of any incident from anywhere. It keeps them above the torrent and on course to stem the damage and get the organization back to normal operations as quickly as possible.
- Streamlines, automates, and synchronises response processes and response teams.
- Operates securely and independently with no dependencies on a compromised corporate network.
- Clear compartmentalisation of communications adheres to the strictest security requirements.
- Ensures that incident response to any attack is immediate, coordinated, and effective.
- Digitised runbooks, playbooks and response plans are made interactive and actionable, featuring stress-reducing checklists, integrated text chat, tap-to-join conference bridges, incident logs, and the ability to share all forms of media.
- Plans and checklists are pushed out locally onto the devices of all authorised response team members, keeping everyone in sync and controlling the optimal flow of information in both directions.
- All actions are automatically and chronologically documented.
- Senior leadership can be effortlessly updated throughout any incident duration, allowing CIOs and CISOs to stay coordinated as they focus on mitigating damages and recovery.
“During any unexpected incident, my team can access critical response procedures and follow them step-by-step, ensuring that proper protocols are followed, automatically documented and searchable at any time.”
Today’s deluge of increasingly harmful cyber attacks is without question causing both CIOs’ and CISOs’ scopes of work to expand. CISOs no longer just fill a technical management role; they’re taking on digital security leadership positions for managing all aspects of an organisation’s risk management, resiliency, and incident response. At the same time, the pandemic has driven many organisations to accelerate their digital business initiatives, which puts a new set of demands on CIOs.
Groupdolists provides CIOs, CISOs, and their executive leadership teams managing overall enterprise risk with a powerful solution that guides them as they navigate and lead incident responses through today’s cyber tempests.