As three major network outages at the New York Stock Exchange, United Airlines and the Wall Street Journal set the US on edge on Wednesday and questions about the possibility of a cyberattack swirled in the media, the importance of network protection once again hit the spotlight.
While initial reports indicated the outages were not a result of attacks, network outages such as these are the number one fear of mobile operators, according to a recent survey by Light Reading's analyst arm Heavy Reading. That research estimates that as many as 50% of mobile operators worldwide could be suffering an hour-long outage in a significant part of their network at a rate of once a year as a result of cyberattacks.
In addition, while the number of mobile operators surveyed that are seeing frequent incidents is still a minority, it does appear to be growing -- it's up from 11% in October 2013 to 16% in 2014, says Heavy Reading.
These survey highlights were shared on The New IP's latest hour-long webinar "Dealing with the Breach," which also featured presentations by Bryan Sartin, director of the Risk Team at Verizon; Emily Mossberg, principal of Cyber Risk Services at Deloitte; and Paul Nikhinson, Privacy Breach Response Services manager at Beazley. (Watch the replay here: Dealing with the Breach.)
During the webinar, Sartin highlighted the importance of threat intelligence sharing to help enterprises keep their names out of the headlines as the next victim -- and used the provider's 2015 Data Breach Investigations Report as a prime example.
Verizon's DBIR highlights cyber security failures -- not successes, says Sartin -- as well as the tools, techniques and procedures of the adversaries such as organized crime rings and governments in order to help enterprises protect their networks. "When it comes to cyber intelligence, there's strength in numbers," says Sartin.
Another key to protecting enterprise assets from a cyberbreach is understanding that incident response is "more than a technology problem," says Mossberg. "It's one that brings together an overall business response... It's one that needs to understand the business impact to the entire organization and depending on the data that's been taken, there may be a different response that needs to be taken."
Understanding the regulatory impact is also important, says Mossberg. "Depending on the type of information that's been taken, there may be specific questions coming from the regulators that you may be subject to, around what has occurred and around what your approach has been."
In addition, Mossberg says that incident response starts with having the executive leadership in place and appropriate guidelines and plans around communication. "How you are going to communicate internally and externally is important," she says.
Indeed, communication is a key challenge when it comes to a security breach, according to Nikhinson. "Most of the companies today [that are experiencing breaches] are not disclosing breaches out of the kindness of their own heart, they are doing so because there is a patchwork and almost nonsensical at times quilt of breach notification laws across the US," he says.
In addition to sharing the steps a company needs to go through to prevent a breach, he also shared the four main daunting consequences of suffering a breach, including class-action lawsuits; regulatory fines, penalties and consumer redress; reputational damage; and income loss.
However, Nikhinson says, preparation can help mitigate those damages. "The better a job we do in preparing, the more streamlined the process is, the more we do upfront, the better the chances are to avoid those four calamities."
To learn more, watch the full replay here: Dealing with the Breach.
— Elizabeth Miller Coyne, Editor, The New IP