Five Ways That Companies Can Prepare for a Cyber Attack

July 17, 2017
Robert J. Bowman, SupplyChainBrain

Even the most secure systems are vulnerable to intrusion by a dedicated hacker. Companies of all types and sizes need to focus on creating effective programs for responding to attacks.

"The threat is, and has always been, there," says Jake Williams, founder and president of network security specialist Rendition Infosec. "It's not a matter of if there will be another attack, it's just a matter of when."

The time for preparation is now, Williams says. He recommends five steps that companies can take to shore up their incident-response programs:

1. Build a ‘playbook.’ Williams defines the term as a set of steps that will be executed in response to a given incident. A company should know in advance which security software it will rely on, and users must be trained to deploy it to investigate the various types of compromise that can occur in the network.

“You should be able to take your playbook and begin running those plays,” says Williams, “as opposed to asking how do I log into the system.” A typical playbook might consist of up to 200 pages of documented responses. It’s especially vital to have it on hand, he adds, to guide new personnel in adhering to company protocol.

2. Obtain a baseline. Many times a company under attack will be looking deeply at its network for the first time. Setting up a baseline of normality in advance helps to identify what various systems looked like when they were first rolled out into production. As a result, responders in a crisis can determine “what’s normal and what’s spooky, and needs to be further investigated,” Williams says. They can proceed to focus only on those elements that are different.

Rendition Infosec uses specialized software to examine between 25 and 30 different data points for a generic system, and up to 100 for more complex setups. Regardless of the level of detail, Williams urges companies to scrutinize their networks on an ongoing basis, with each new version or update of the software.

3. Incorporate non-traditional staff. Williams cites janitorial services as a particular, if overlooked, area of concern. They need to be in the loop in the event of a cyber attack, which often involves the establishment of a command room, and staffers working long hours to deal with the crisis. Areas must be kept clean in order to keep morale high. And janitors need to be instructed not to erase whiteboards or remove other materials that are in use.

Physical security is yet another aspect to consider. Individuals working through the night can be held up needlessly while waiting for a security guard to grant them access to the building. “The cost of having somebody available in the off hours is a tiny fraction of what you’re paying for the incident response,” Williams says. In addition, public relations representatives should be brought into the loop as early as possible, to prepare appropriate statements and keep customers and the public apprised of the company’s efforts.

4. Make liberal use of ‘tabletop’ exercises. Work with clients on a regular basis, at least once a quarter and possibly once a month, to create simulated breaches and mock incidents. In the process, companies can determine the validity of the playbook before it’s needed in an actual crisis. It starts with issuing an “alert” that customers’ systems have become infected by a company’s website. Response staff then begins walking through the steps that must be taken, including access to logs and identification of the affected server.

Often a mock exercise will expose serious inadequacies in the company’s response plan. “Management has planned for one person to do four things during an incident,” says Williams. “Who’s going to handle what? You can’t be in two places at once.”

Companies might also discover that designated crisis responders don’t have access to the logs they need to diagnose and cure the breach. Cloud-based systems can raise additional obstacles because they require different logging procedures and authorization challenges.

5. Learn to speak ‘business.’ The world of cybersecurity experts is chock-full of acronyms and obscure terms that aren’t understood by most business clients. Williams says those individuals need to learn how to speak to customers in terms of profit and loss. “We’re a cost center all the time,” he says of his field. “We never make money for the business.” Security consultants need to drive home, in laypersons’ terms, the high cost of failing to respond effectively to a cyber attack.

Often they’ll be required to adopt the language of specific verticals. “For healthcare, we use healthcare analogies,” says Williams. “For manufacturing, we talk about their supply chain.”

Williams stresses that these five steps won’t prevent a cyber attack from occurring. They are, however, mitigating measures that can help companies to reduce costs and downtime in the event of an incident.

“It’s hard for a lot of people to swallow, to say let’s go spend money on preparation, when others are saying they have a [good] defense in place,” he says. “Defense is also essential, but once you have it, you need to understand that even the best attempts are going to fail, and ask how you’re going to address [the breach] when it happens.”


All content copyright ©2023 Keller International Publishing Corp All rights reserved. No reproduction, transmission or display is permitted without the written permissions of Keller International Publishing Corp
