Our Views:
Cyber security to do list for 2024
In the dynamic landscape of today’s business environment, cyber threats pose a significant risk to organisations. Executives must prioritise cyber security to safeguard their sensitive information and maintain the trust of stakeholders. To address these concerns, we have assembled a list of must-haves for 2024 based on the trends we have seen over our last five years of operation.
Cyber Security Frameworks and Controls
Good cyber security starts with appropriate governance, which requires selecting and adhering to a suitable set of frameworks and controls. The NIST Cyber Security Framework (CSF) celebrates its 10th birthday this year, while the CIS Controls have hit the 15-year milestone. Depending on your organisation, one or both may be beneficial. The NIST CSF was initially focused on critical national infrastructure, so our clients not operating in this space tend to adopt solely the CIS Controls. Schedule an assessment, develop a roadmap and regularly check in with your team to ensure they have the appropriate resources to make steady progress.
Training and Awareness
According to the 2023 Verizon Data Breach Report, around 75% of all cyber incidents were caused by human error/omission. Empower your staff with cyber security training and phishing simulations. By educating your workforce on identifying potential cyber risks, you significantly reduce the likelihood of falling victim to a cyber-attack.
Incident Response Preparation
Preparing for a cyber crisis is imperative. From the work we conduct in the field, we have developed a suite of documentation including an executive incident response plan through to a range of playbooks (e.g. ransomware, business email compromise, privacy breach). We can assist you in tailoring these to suit your organisation and host them in our electronic control room.
Crisis Resilience
With your documentation in place, the next step is to stress test it through tabletop exercises or cyber simulations. Many organisations regularly conduct penetration testing (Red Teaming), so ask yourself when you last conducted a simulation (Gold Teaming). This proactive approach assists your executives and incident response team in identifying gaps in current processes, allowing for continuous improvement and readiness.
Incident Controllers
Hopefully, you have not had much opportunity to hone your skills as a cyber incident controller. Leverage our extensive experience in managing a cyber incident where we will guide you through all stages of a data breach, offering support either on-site or from our dedicated incident response control room.
Forensic Technology Experts
Faced with a data breach, you will likely need to engage legal and forensic technology expertise. Recent events have shown that failure to do so may result in highly sensitive information needing to be disclosed to parties making a claim against your organisation. Ensure you maintain privilege and confidentiality from the outset.
Specialist Data Breach Software
2023 saw the largest ever data breach in New Zealand, as well as similar breaches in Australia. Given the scale of data needing to be assessed for customer notification, the use of appropriate technology is vital to ensure notifications can be sent in a timely manner. Utilising advanced forensic software that includes AI capabilities, we are able to scrutinise the source of compromise and assess the extent of the confidential information breached. This includes PII and other sensitive information, providing a comprehensive understanding of the breach for informed decision-making.
Mandatory Notifications
Having assisted numerous organisations with their notifications, we have developed an automated solution to populate and track your notification requirements. Stay compliant with the NZ Privacy Act 2020, ensuring that mandatory notifications are executed efficiently and effectively.
Ongoing Monitoring
The Office of the Privacy Commissioner requires organisations that have suffered a privacy breach to actively monitor for potential data leak sites on the Dark Web and elsewhere. We use automated monitoring software to aid in the detection of changes to such sites. Also consider the need to monitor the open web and social media to manage your ‘Brand Reputation’, as well as conducting Credit Monitoring for affected individuals.
Reliable Resources
Keeping abreast of the ever-changing landscape without overloading your inbox requires clear, regular summaries of the key risks. Subscribe to reliable resources such as our bulletin so we can enhance your cyber security posture, enabling your organisation to thrive securely.
About the Bulletin:
The NZ Incident Response Bulletin is a monthly high-level executive summary containing some of the most important news articles that have been published on Forensic and Cyber Security matters during the last month. Also included are articles written by Incident Response Solutions, covering topical matters. Each article contains a brief summary and, where possible, a linked reference on the web for detailed information. The purpose of this resource is to assist Executives in keeping up to date, from a high-level perspective, with a sample of the latest Forensic and Cyber Security news.
To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents. Access our Privacy Policy.
This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.
