IT Buzz: What's Now, What's New, What's Next.

How to tell if your organization needs an Incident… | Compugen

Written by Marc Perreault | 6-May-2021 4:00:00 AM

As a cybersecurity specialist, I make it a point to never intentionally scare customers. I don’t like the idea of drumming up business by playing on people’s fears and painting a dire picture of the world in which we live. My approach is to educate them about the reality of challenges they are going to face. I say this because when I describe the current state of cybersecurity threats in the world today, it could easily be mistaken for intentional scare tactics. I assure you, it is not.

The reality is that cybersecurity attacks skyrocketed in 2020. In the first six months alone, Risk Based Security estimates that data breaches exposed 36 billion records. These attacks only increased in the second half of the year with Cyber Security Cloud reporting an average of more than 32 million cyberattacks per month against companies using its services in July and August, an increase of 30 per cent compared to the first half of 2020.

Many experts point to the sudden work-from-home initiative which left many organizations more vulnerable than they were previously. With people using their home network rather than the more secure corporate network, bad actors preyed on people who didn’t realize clicking on an innocent looking link would open the door to a ransomware attack. In fact, according to Cybint, 95 per cent of cybersecurity breaches are caused by human error.


Given the current cybersecurity landscape, the question is not if your organization will be hit, but when. This is why formulating an Incident Response Plan (IRP) is more important than ever. If you’re wondering how vulnerable your organization is, here are three questions to ask yourself.

1. Does my organization store or process data that would cause harm to an individual or group if leaked?

This question is all about confidentiality. The two main areas we usually focus on when looking at data privacy is Personally Identifiable Information (PII) and financial data. PII could involve your social insurance number, driver's licence, health card number, or anything that could easily enable somebody to either duplicate your identity or maliciously use your identity. Financial data that gets compromised is most commonly credit card numbers or bank account information.

If your organization is storing that type of data, you should have encryption and backup encryption in place because you can easily become a cyberattack target. My best advice to any organization is not to process any payment through your own servers, but to facilitate payment through a third party such as PayPal, because they have the security in place to deal with that threat.

2. Does my organization store or process data that would cause harm to an individual or group if maliciously modified?

Here we’re talking about data integrity and there are various ways this could pose serious issues for any organization. Let's use the example of someone going on a corporate website that has photos and bios of the leadership team. If a bad actor modifies this information in a way that embarrasses or reflects badly on a senior executive, that's considered a loss of data integrity. The data is being modified maliciously to cause harm.

3. Does my organization store or process data that would cause harm to an individual or group if it became unavailable?

This one is about data availability and the consequences of your data suddenly being unavailable. This is perhaps the most common threat as it deals with the issue of ransomware. If you own a chain of hardware stores, recovering your lost data will be costly and onerous. But what is at stake if your organization is a hospital, police force or fire department? In Germany in 2020, a patient’s death was at least partially attributed to a hospital ransomware attack that prevented the patient from being admitted. The patient was in transit to another hospital when they passed away.

If you answered ‘yes’ to any of the above questions, hopefully you understand why you need an IRP. If you’re lost about what steps to take next, don’t fret: In part two of this blog post, I’m going to tell you about IRP workshops Compugen facilitates, and how we can help set you up for success.

If you’d like to find out more about how an IRP can better protect your organization, feel free to drop me a line. I’d love to discuss it with you. mperreault@compugen.com