Although large-scale cyber security attacks are infrequent, by 2018, 40 percent of large enterprises in New Zealand and across the world will have formal plans to address aggressive cyber security business disruption attacks, up from zero percent in 2015.
According to Gartner, business disruption attacks require new priority from chief information security officers (CISOs) and business continuity management (BCM) leaders, since aggressive attacks can cause prolonged disruption to internal and external business operations.
"Gartner defines aggressive business disruption attacks as targeted attacks that reach deeply into internal digital business operations with the express purpose of widespread business damage," says Paul Proctor, vice president and distinguished analyst, Gartner.
"Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the Internet by attackers.
"Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack.
"Employees may not be able to fully function normally in the workplace for months. These attacks may expose embarrassing internal data via social media channels — and could have a longer media cycle than a breach of credit card or personal data."
To combat these types of attacks, Proctor believes CISOs must pivot their approach from blocking and detecting attacks to detecting and responding to them.
"Entirely avoiding a compromise in a large complex enterprise is just not possible, so a new emphasis toward detect and respond approaches has been building for several years, as attack patterns and overwhelming evidence support that a compromise will occur," he adds.
"Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program.
"Balancing investment in detection and response capabilities acknowledges this new reality."