For every company, a cyber attack seems to be only a matter of time. From this perspective, many organizations employ a CSIRT (Cyber ​​​​Security Incident Response Team). It can be compared to a fire department, which is available around the clock and intervenes quickly to put out a fire and find the cause. It’s actually insurance for your IT environment, but it shouldn’t stop there. Certainly not when you know that many fires can be prevented with proper prevention.

Victim of a cyber attack? Then acting quickly is important. A CSIRT will arrive on scene immediately to isolate the source of the fire and get your organization back up and running quickly. The team has specialized tools and experts who know what needs to be done to solve a problem and find out exactly how the fire started. This all sounds very good and having a CSIRT on hand is certainly a benefit to your business. But wouldn’t it be even better if you didn’t even see the fire department at your door? And that with the right measures you can make both your own and other organizations “cyber-fire-proof”?

We find that companies often invest in a CSIRT, but their cybersecurity is also inadequate.

Steven De Munter, cybersecurity consultant Orange Cyberdefense

In practice, we find that companies often invest in a CSIRT, but cybersecurity is also inadequate. They leave loopholes open, don’t have properly configured network security, and often forget to raise awareness among their employees. The latter are without exception also used as a “human firewall”. In this way, a CSIRT gives a false sense of security and makes it very easy for attackers to start fires.

Prevention is better than cure

Therefore, think of a CSIRT as a form of insurance for your business. It’s good if something goes wrong, but of course you hope you never have to resort to it. Motor vehicle insurance, for example, is important for those involved in an accident, but you still have to wear a seatbelt every time you drive and follow the traffic rules in order to avoid such an accident. And you don’t come across everything and everyone by chance. This is not a guarantee either, because you must be considerate of other road users who could cause an accident through a sudden maneuver or through inappropriate or unsafe behavior. A leak from a supplier can quickly spread to your own IT systems without appropriate precautions. Even an expensive CSIRT contract will not change this.

As a business, you need to view a cyberattack in the same way. You know it can happen suddenly, but you do everything you can to prevent it from happening. Find out what steps you can take to prevent a cyber fire. Which doors should you definitely not leave open or which “flammable” objects should you particularly secure? How should you set up firewalls to protect valuable data? Also consider a good backup strategy and a secure logging strategy that will allow you to quickly identify where and when the fire started in the event of an incident. This means you lose less time and can better assess which systems may have been compromised or where the spark is still burning somewhere.

Conduct regular fire drills

Your employees remain a weak link that cyber attackers like to exploit. So make sure you have enough training so that they have the right attitude. For example, you don’t want them to simply throw a cigarette in the trash without putting it out first. Data that is no longer needed should not be left lying around and destroyed so that the information does not fall into the wrong hands. If awareness is high enough, employees will also report suspicious events. For example, a small fire can usually be extinguished quickly before the flames spread.

While a fire drill is mandatory, companies must have the reflex to do something similar for their cyber environment. Try lighting a virtual trash can and see if anyone reacts. Or organize an incident response table top-Exercise. This allows you to simulate a fictional attack and see what impact it could have on your business. This is also a good way to raise awareness in management.

Share information with other companies

Where there is smoke, there is usually also fire. Before a fire starts, there are often signs that indicate a possible problem. Imagine a device that overheats. Companies would therefore benefit from having to communicate more with other players in their industry. If hackers manage to attack a bank through a vulnerability in a particular system, other banks using the same system may also be exposed to fire. Such a reporting requirement is an important pillar of the upcoming NIS2 directive, but organizations would also do well to take initiative and share information themselves. The best crisis meeting is one that you hold before a crisis actually occurs. In the long term, we can create an entire industry Cyber ​​resilience make.

Diploma? We can never completely eliminate the risk of a cyber attack, which is why a CSIRT offers you peace of mind. However, this should not be a reason to take a lax attitude towards your cybersecurity investments and activities. A CSIRT only makes sense when it is already too late. Consider what you’ll need to invest to fund three years of insurance and how much it will cost if a ransomware cyberattack shuts down your business for a week. With the right cybersecurity measures, you not only limit the risk of fire, but also reduce the impact of a cyber incident. And then maybe a good fire extinguisher is enough for you instead of an entire fire department…

This is a guest post by Steven De Munter, Cybersecurity Advisor at Orange Cyberdefense. Would you like to learn more about cyber crisis management? Then register for Orange Cyberdefense Live 2023 on November 9th in Edegem.