We’ve all experienced the noise levels rising in the build-up to the elections this coming Tuesday. And after November 3rd the foreign misinformation and disinformation campaigns aren’t going to stop as we wait to ensure ballot certification across all 50 states. But there are a few concrete steps that businesses can take to prepare for a cyberattack during the elections.
1. Freeze IT / System Changes
In periods of uncertainty, it’s best to keep things simple. That’s why the first and best piece of advice for any business right now is to put a hold on IT and system changes.
Try to have minimal change in your IT staff in order to maintain as much stability as possible.
2. Know Which Critical Assets to Protect and Do So Firmly
Every organization has those crown jewels that are critical to keep business running. In order to protect the business, we must therefore clearly identify those critical assets and put systems and processes in place to protect them.
The first step in protecting those crown jewels is identifying what assets are the most important to maintaining operations and then documenting those. CISA provides a helpful structure for recognizing and managing an organization’s assets. Some of those priorities may include people, customers, technology, information, systems, processes and other internal and external assets. After outlining all of those assets, you should then create a list of priorities and create a plan of protection.
3. Know Who to Call in Event of Cyber Crisis
With nation-state actors and interests at play in global politics and our national elections, it’s important to know where your place is as a company. As former RSA chairman Art Coviello has said, companies don’t and shouldn’t go up against a nation-state. That’s not the mission or objective of your business. The best thing that businesses can do is to have a plan and know who to call in the event of a cyber crisis.
If you are seeing any type of cyberattack or suspicious activity, you should let your local FBI office know. If you see any suspicious activity on or before Election Day you can report it to www.fbi.gov or www.justice.gov by clicking on the Contact Us tab and submitting a tip.
4. Have a Business Continuity Plan in Case of Shutdown
Even with the most careful planning and preparation, there is always the possibility of a cyberattack or shutdown. You don’t have to be a cyber expert or know all of the intricacies of foreign actors battling it out in cyberspace to have a business continuity plan.
Having a plan in case of a shutdown will greatly increase the likelihood that you will be able to recover successfully and respond appropriately in the event of an incident. The plan should specify the team leader in charge of response, the team members under this person’s command and their responsibilities, and the priorities and necessary steps that should be taken, by whom and when.
5. Run Scenarios
Once your business continuity plan is in place, you should practice running through several different scenarios. Not just having the plan, but practicing the plan is critical so that all players are aware of the actions and steps they must take in the event of a breach or attack.
You should run scenarios for the best, most likely and worst cases, and you should do this several times a year. Then, while testing, you should look for gaps and shortcomings in the system you developed and update it accordingly.
Remember that cybersecurity is no longer just an expense; it’s a necessary functionality of conducting business. The stakes are much higher than they once were: your infrastructure could be taken over and used to deceive and attack your customers, resulting in a pile of lawsuits and ruin for your brand. Take this seriously and plan accordingly.
6. Go Threat Hunting Now
Once the business interests are aligned, CISOs must recognize that they can’t anticipate what they don’t know about. Therefore, it’s of paramount importance to conduct cyber threat hunting and find out what you don’t know and what could be lurking in the system.
You should be looking for behavioral anomalies within your own infrastructure and ecosystem and verifying the severity of the threat. Despite the endpoint security measures you may put in place, there is always the possibility that a malicious actor slipped through and is quietly biding time in the network, gathering data and preparing to move laterally through the environment or even using island hopping to launch an attack on a larger target.
7. Deploy Deception Technology
Another step that security teams should take is deploying deception technology. In the event that a cybercriminal was able to break through your defenses and is hiding within the system, deception technology lays traps for the malefactor to fall into.
These lures are meant to trick the cyberattacker into thinking they have found a way to launch an attack or escalate privileges. But in fact, once triggered they will send off a signal to the security team, allowing you to track the behavior and ensure that no damage is done. Additionally, the information you collect can inform further threat hunting activities.
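The tripwire described above, as an added example that is not part of the original article: any use of a decoy account raises an alert, and the source behind it becomes a lead for threat hunting across real accounts. The decoy account names, the log format and the sample events are constructed assumptions.

```python
import json
from collections import defaultdict

# Hypothetical decoy accounts planted as lures; nothing legitimate ever uses them.
DECOY_ACCOUNTS = {"svc_backup_admin", "sql_sa_legacy"}

# Constructed sample authentication events (JSON lines); one line is malformed.
SAMPLE_EVENTS = """\
{"ts": "2020-11-02T09:14:03Z", "user": "jsmith", "src": "10.0.4.21", "host": "fs01", "result": "success"}
{"ts": "2020-11-02T09:20:41Z", "user": "mlee", "src": "10.0.7.55", "host": "ws112", "result": "success"}
{"ts": "2020-11-02T09:22:10Z", "user": "svc_backup_admin", "src": "10.0.7.55", "host": "dc01", "result": "failure"}
{"ts": "2020-11-02T09:23:57Z", "user": "mlee", "src": "10.0.7.55", "host": "fs01", "result": "success"}
truncated-line-not-json
{"ts": "2020-11-02T09:30:00Z", "user": "jsmith", "src": "10.0.4.21", "host": "mail01", "result": "success"}
"""

def parse_events(text):
    """Parse JSON-lines events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(record, dict):
            events.append(record)
    return events

def decoy_alerts(events):
    """Any attempt to use a decoy account is an alert, whether it succeeded or failed."""
    return [e for e in events if e.get("user") in DECOY_ACCOUNTS]

def hunt_pivot(events, alerts):
    """Group the real-account activity of every source that touched a decoy."""
    suspects = {a.get("src") for a in alerts} - {None}
    leads = defaultdict(list)
    for e in events:
        if e.get("src") in suspects and e.get("user") not in DECOY_ACCOUNTS:
            leads[e["src"]].append((e.get("ts"), e.get("user"), e.get("host")))
    return dict(leads)

if __name__ == "__main__":
    events = parse_events(SAMPLE_EVENTS)
    alerts = decoy_alerts(events)
    for a in alerts:
        print("ALERT decoy account used:", a["user"], "from", a["src"], "on", a["host"])
    for src, activity in hunt_pivot(events, alerts).items():
        print("HUNT LEAD", src, activity)
```

In the sample, the failed logon with the decoy account is the only alert, and the pivot surfaces the real account and hosts used from the same source just before and after it.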
There is no one solution to stop all attacks or make sure your business is completely secure during this tumultuous season leading up to and after the elections, but hopefully these 7 tips will put you on the right path forward.