
Preparing for a Cyber-First Conflict

Eng. Donya Bino Published  ·  4 min read

A cyber-first conflict is one in which an organization uses a digital attack as its primary attack method. A physical confrontation may or may not ever occur. Cyber-first conflicts revolve around three things: disruption of critical business services, network/cloud/comms compromise, and the use of misinformation or disruption to influence decision-making.

Leaders do not need to know the technical details of a cyber-first conflict. The question they need to answer is how cyber-first conflicts affect business continuity, trust, and decision-making.

Recognizing Early Warning Signs of Cyber-First Conflicts
In real-world cases, there are often very subtle signs that indicate a cyber-first conflict has been launched:
1. Slow or delayed network performance
2. A spike in credential anomalies
3. Sudden changes in supply chain access
4. Phishing campaigns that align with current board activity

None of these signs will show up as a loud and clear alert. It takes an analyst who is monitoring for trends or behaviors to notice them.

Business Impact of Cyber-First Conflicts
A cyber-first conflict affects multiple facets of an organization:
1. Business Operations: The critical systems needed to support the organization are going to be unavailable or unreliable.
2. Business Reputation: Customers, partners, and regulators will lose confidence in the organization.
3. Business Supply Chain: A cyber breach of a third-party vendor creates a cascading effect on the organization's supply chain.
4. Business Decision-Making: Executive leadership will be deliberately disadvantaged because they will be relying on inaccurate information.

Every cyber-first attack aims not just to steal data, but also to cause disruption and exert influence.

Leadership Strategic Planning:
Leaders can influence outcomes even without administering firewall equipment:
1. Understand the most critical assets.
Ensure you know which systems are most critical to your operation and would hinder your ability to conduct business if compromised.

2. Establish protocols to escalate issues to the appropriate level.
Determine how/when to engage executives, legal teams, and regulators.

3. Practice communicating during times of stress.
Conduct exercises simulating an incident to evaluate the effectiveness of secure coordination during a disruption.

4. Identify the key components of your supply chain.
Map each of your organization's critical supply chain partners, along with their risk and recovery capabilities.

5. Collaborate and share information with others in your sector, and with agencies responsible for oversight.
In conflicts filled with unexpected events, organizations that collaborate and share intelligence can minimize the impact of disruption.

Real World Experience Examples:
1. A power company had multiple service disruptions to its network during a period of politically motivated activity in the region where its network was located. From this, corporate leadership learned of early signs of network disruption (minor anomalies), which gave them the opportunity to resolve issues before they became major service interruptions.

2. One organization discovered that a vendor's system had been compromised, as they had deployed software updates that were not legitimate. A board member's request for information allowed for a controlled audit and prevented the deployment of the updates.

3. An organization had company emails that contained sensitive information compromised by their employees. By identifying which roles were compromised, company leadership was able to identify candidates that required additional verification prior to taking action on any information.

Where Preparedness Comes Into Play
Cyber-first outbreak campaigns do not necessarily generate sensational headlines; rather, they capitalize on opportunity and on confusion over timing, trust, and uncertainty.

Leaders who monitor executive-level signals, develop and implement quick methods of communicating internally, and pre-establish contingency plans with limited exceptions can minimize the operational, reputational, and financial effects of cyber-first campaigns.

Actionable Next Steps Include:
1. Have executives perform tabletop exercises based on a cyber-first scenario
2. Establish a board-level understanding of the IT risks associated with the organization
3. Establish contact with law enforcement and other regulatory authorities
4. Develop and maintain rapid methods to make decisions involving input from IT departments
5. Ensure that incident response plans address supply chain issues and information operations

Key Learnings:
1. Cyber-first conflicts prioritize disruption, not solely data theft
2. Subtle, often unnoticed signals typically come before major cyber events
3. If an organization's board members do not know and understand the IT risks, responses will be neither coordinated nor timely
4. Developing a defined protocol for communication and decision-making prior to a cyber event will reduce risk
5. Knowing how the supply chain can expose an organization is critical for protecting its operations and reputation

Preparedness for Leaders Turns Uncertainty into Manageable Risk.


© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067