
No chain is stronger than the weakest link

Security incidents happen all the time; this weekend started with a bad ransomware attack that brought mission-critical systems to a halt. Most incidents can be avoided if you anticipate them and secure the systems so that they can withstand an attack.

This past week I have been fortunate to share some of my experiences with incident management. I have seen many incidents bring systems to a halt; all of them could have been avoided if those responsible for managing the systems, and their managers, had invested in security. I sometimes hear managers saying that we are not likely to be the target, that the likelihood that we will be the target is so low. I ask them how often they have a fire at the office, and the answer is that it is not likely. Still, they are paying for fire insurance and fire safety systems, so why not invest in the ICT infrastructure?

Even if you do invest a lot, most incidents happen due to human error, as with the ransomware that is spreading this weekend. The source is an email attachment from an unknown sender that users are opening. I am stunned to hear that this still happens today, in 2017; when it happened almost 20 years ago, when the Melissa virus made email servers go mad, I was not that stunned.

The biggest fear I have now is that managers will start to look for the bad guy or girl who opened the attachment so they can be punished. I hope managers are not so stupid that they will go after the human being who made an error. Most likely it was done by an unstimulated employee.

The biggest fear I have for ICT security and for the upcoming GDPR is that managers will punish those who report human errors they have made themselves. Or, even worse, that managers are creating a mindset in which it is OK to spy on and report your teammates.

I urge managers to establish a culture so employees feel positive and encouraged to report incidents. The only way for the employees to be able to get that mindset is by being given a chance to increase competence.

To fight attacks and incidents, staff must be competent and trained. A policy and incident management plan is only tested when it is rehearsed by the employees. The plan will contain room for misunderstanding and too few actions to really keep the systems up and running.

I am sure that the companies and organisations that were hit during the weekend's ransomware attack have invested huge amounts of money in ICT security.

  • Expensive firewalls with pages of configuration and access rules to stop the bad guys from entering the building.
  • Investment in anti-virus is also a big chunk of money spent.
  • Sending ICT staff on expensive trainings for ICT security, so many that they don’t have time to put the knowledge into practice.
  • The investments in plans to bring the systems up and running again together with redundant networks, servers and other parts are most likely a big part of the budget.

The biggest mistake is that the managers are not investing in the most important asset they have. Many organisations claim their biggest asset is the staff, so why don’t they invest in raising competence and awareness? There are statistics claiming that 77% of the organisations in Sweden are not investing in their staff.

Good incident planning and management contain, among others, these important pieces:

  • Establishing a culture to promote the reporting of security issues that can lead to incidents.
  • An incident response team that can quickly be put together to neutralize an incident.
  • Management following the security guidelines and creating a culture that encourages reporting.
  • Training, training and training of incident management. Remember that ICT systems are being updated with new features that may open the door to new incidents.

Do you need assistance with incident management for the upcoming GDPR?

 
