Business significance of a cyber event. Having CISO-as-a-Service. What are the Pros, what are the Cons?
Earlier this week the evening news reported on an accounting firm that was hit by ransomware and chose to pay the ransom to regain control of its files.
WhatsApp groups and Twitter started to buzz with ideas about what should or should not have been done, and with the view that the firm were laymen who did nothing to protect themselves and, by paying, encouraged further attacks. Everyone focused on the technical aspects of the incident, explaining from their own technical knowledge what had to be done in order to recover from such an event.
I said: good for them, for that firm, that they are back to normal operations. And if they did perform an analysis and comparison of the costs of the various courses of action, I will add: job well done.
Cyber-attacks, as most of us know, start within cyberspace, but very quickly they break out of the matrix into the real world.
My favorite example: a DoS attack on Siemens SCADA components (see here and here for the vulnerability) disables railroad signals and controls. Now two trains are running towards each other. How do you stop this event?
Another example: the hospital that was hit by ransomware and decided to pay the attacker. But before doing so, right after they had removed the affected computers and closed the holes (RDP was enabled in the firewall), they did the math: how much impact to their business, and what would be the cost of restoring the data from backup. The bottom line was clear.
Don’t get me wrong, it is good that there are technical discussions about what should be done, or what they (those on the forum) would have done differently, but cyber is not only about technical issues.
A CISO should be technically savvy; however, first and foremost he MUST be familiar with the company’s business and understand what will serve the company best.
The debate revolved around an axis that dealt with backups, less with restoration, and even less with the business significance of a cyber event.
Having said that: CISO-as-a-Service. What are the Pros, what are the Cons?