How can we increase communication and collaboration to build resilience against converging cyber and physical threats?

Guest blog by Shimon Modi, VP Product Management, Cyber at Dataminr #NatSec2024

In today’s world, organizations are challenged with an exponentially increasing threat landscape that has blurred the lines between cyber and physical risk. Security leaders now face a growing number of cyber-physical threats, ranging from physical threats to IT/OT/IOT infrastructure, disruptions caused by geopolitical instability, and cyber attacks with physical world consequences.

As seen in September 2023, one of the world's largest hospitality and entertainment companies, MGM Resorts International was hit with a cyberattack that affected multiple hotels and casino locations around the world. Reports said the shutdown impacted everything from its websites to hotel room digital keys to slot machines. Addressing these threats requires communication and collaboration across an organization to enhance preparedness and build resilience. Moreover, institutions must be as informed as possible on the evolving nature of the converged cyber-physical threat landscape. For example, in 2023, a total of 2,207 U.S. hospitals, schools and governments were directly impacted by ransomware, with countless others indirectly impacted by the impact of the attacks on supply chains.

While it is not possible to know exactly when a threat will emerge or what form it will take, there are a number of steps organizations can take to enhance preparedness and build post-event resilience:

Draft a Crisis Playbook

Global crises like the pandemic and Russia’s invasion of Ukraine have reinforced the idea that everyone must be prepared for anything. Drafting a crisis playbook is a good first step in ensuring that an organization knows what to do in an emergency. Action plans help employees and customers alike to keep calm in stressful situations. It should be drafted ahead of time and include a range of potential scenarios and best practices if a company is faced with a cybersecurity threat. The playbook should also highlight those in the organization who are responsible for executing various elements of the response plan.

Conduct Tabletop Exercises

A tabletop exercise is a discussion-based session where a team reviews their roles and responses during an emergency, and usually includes an example scenario that participants are guided through. They can be particularly useful for crisis preparedness in case of a cyber-attack because they are cost-effective and only take a few hours.

Create Incident Management Processes

Incident management is the process of identifying, analyzing and correcting any organizational interruptions or hazards as quickly as possible. The goal is to fix these issues before they become large-scale, company-wide crises and to prevent them from reoccurring. These processes offer an AI and technology-centric approach to risk mitigation that is beneficial to an organization for several reasons, including increased efficiency, reduction in employee downtime and improved customer experience.

Invest in Vulnerability Intelligence and Real-Time Communication

Companies should be aware of potential weak points in their technology infrastructure and take precautionary measures to protect them from attacks. Once identified, security leaders should maintain a consistent stream of communication with one another to gain situational awareness of potential or unfolding incidents and stay on top of threats.

Final Thoughts

Many organizations have been slow to keep up with evolving cyber threats amid the pandemic and heightened geopolitical tensions. A Dataminr-commissioned survey conducted by Forrester revealed that 70% of leaders in the security sector experienced at least two separate critical risk events that endangered their organization over the past year alone. The study also revealed that an alarming number of leaders lack an adequate understanding of the systemic risks their organizations face, which suggests that crisis planning is woefully inadequate.

To keep up with the evolving nature of today’s threats, including converged physical and cyber attacks, organizations need to build channels for communications and collaboration and take concrete steps to understand, prepare for and respond to the risks that are currently present and those that are emerging every day.

National Security Programme

techUK's National Security programme aims to lead debate on new and emerging technologies which present opportunities to strengthen UK national security, but also expose vulnerabilities which threaten it. Through a variety of market engagement and policy activities, it assesses the capability of these technologies against various national security threats, developing thought-leadership on topics such as procurement, innovation, diversity and skills.

Learn more