Article by CRMG
Just think for a minute… What would happen if all of your critical systems were suddenly taken offline?
What impact would this have on your business both internally and externally? Would you know how to respond to such an attack, and would you have the protocols and processes in place to ensure that your organisation could continue functioning as normal?
System availability attacks can paralyse a business in an instant, but the threat is not just from cyber criminals looking to exploit your weaknesses (or, as we increasingly see, nation-states targeting the critical infrastructure or information assets of their rivals). Availability incidents can just as easily happen accidentally as a result of human error. Regardless, the impact on the business is severe.
But what do we actually mean by a system availability attack/incident?
Defining system availability attacks:
A system availability attack is anything that impedes your business from having access to the information systems and processes that are required to operate normally.
In most cases, an attack will result in entire systems being taken offline, but in rare circumstances it can affect a particular information asset whose loss stops a business from functioning. For example, an online retail organisation might find that it can no longer access its pricing schedules and formulae.
Hard-hitting – the impact of a system availability attack:
The pain felt from a system availability attack can vary significantly and can be anything from a few hours of inconvenience while the business recovers to days, weeks or even months of disruption depending on the type of attack the organisation has been subject to.
With systems down, organisations can no longer operate and communicate internally, and those that are customer-facing can be prevented from providing the products, solutions and services that allow them to generate revenue. In the most extreme cases, this can put a company out of business.
The impact can continue long after systems are back online. Take a ransomware attack, for example. Even if the organisation pays the ransom, it can take weeks to recover data and get up and running again – the reputational damage caused during this time can be just as great as the financial impact suffered.
The types of attack that can take systems offline:
Distributed Denial of Service (DDoS) has historically been the most common availability-related threat, but ransomware is increasingly prevalent. While many consider ransomware to be an advanced cyber threat, it ultimately takes systems offline and makes vital information unavailable.
Understanding the risk of systems being taken offline accidentally:
Human error should be considered a cyber threat, and it is one of the most common causes of availability incidents for small, medium and enterprise-level organisations. User error is wide-reaching and can relate to either back-end administration or the regular business use of a system.
It is most likely to occur when the use of privileged user accounts is widespread and/or poorly controlled, and when systems require significant manual inputs or processing steps such as spreadsheet imports. While there is often no malicious intent, user error resulting in a system availability incident is just as harmful to an organisation as a well-planned cyber attack.
How to respond to a system availability attack:
How the organisation responds to its systems going offline is key to limiting the damage caused to the business. Access to specialist internal skills or external expertise that knows exactly what processes and activities should kick in is crucial to survival.
Make sure you know what, when, how and who. This should be set out in an all-encompassing Cyber Security Policy with buy-in from the top down and all employees trained to be cyber security aware.
The biggest mistakes we see businesses make:
Failing to plan is planning to fail, and this is the biggest mistake the vast majority of organisations make when it comes to system availability incidents. We often see insufficient capacity planning as well as inadequate system/security testing to identify potential loopholes before an incident occurs.
It’s also common for organisations not to patch quickly when updates become available, and to have weak internal policies and processes in place, which often leads to “headless chickens” syndrome when something does occur.
How to be more resilient to system availability incidents:
Having an effective plan and policy in place is the only way to improve resilience. In technical terms, this should focus on sufficient system capacity, security testing, frequent patching and strong, well-configured cyber defences, including well-maintained firewalls.
The organisation needs to have in place a mechanism that enables staff to report even the mildest signs that the business might be under attack – this requires regular staff training.
Should systems go down, it’s vital for the organisation to have separate, up-to-date backups that have been tested. This, combined with a comprehensive business continuity plan so that everyone in the organisation knows what to do when an incident occurs, can significantly improve resilience, response and recovery.