As we all know by now, the Grand Ethiopian Renaissance Dam is a multi-billion-dollar project funded by the Ethiopian people themselves, and it will be the largest hydroelectric power plant in Africa when completed. Its primary purpose is to generate electricity to relieve Ethiopia’s acute energy shortage. Currently the dam is ready for the third round of water filling.
According to the News in Africa blog, "Director General of Ethiopian Information Network Security Agency (INSA) said that the Agency has thwarted planned cyber attacks targeting the Grand Ethiopian Renaissance Dam (GERD) and major financial institutions. The failed cyber attacks include attempts to impede the works of the GERD by targeting 37,000 interlinked computers used by financial institutions, according to him". In addition, the blog stated that "the director General advised financial institutions to put in place all necessary defensive measures against such attacks".
Organizations often think they are prepared for the day it happens, but when it does they blame each other, say that "they didn't think it happens like this", or keep silent as if nothing happened.
I was at the Cyber Security Nordic event a couple of weeks ago, and among the key speakers, one of my takeaways from the event was from @MennyBarzilay. He gave three very important pieces of advice for any organization that encounters an incident, especially ransom warfare.
Don’t hide your compromise; it'll only make it worse.
Lack of evidence is not evidence of everything being OK.
Don’t lie to the media; it’s bad PR.
Even though we don't know in detail the magnitude of the attack targeting the GERD, I appreciate H.E. Director General Dr. Shumete for coming forward and providing information about the cyber attack. I also want to recognize that the Ethiopian government was ready and defended against the cyber attack on the one and only GERD dam. Though the GERD is not yet fully operating, ransom attacks have already started, since the dam has a significant role in the Ethiopian economy and attracts adversaries' attention. So preparedness for cyber attacks is the big issue and a million-dollar question. Preparing in terms of technology, building up people and making them strong through continuous training is crucial and needs a huge investment. Leadership needs to steer the readiness culture of the organization, push for continuous practice, and do so proactively, before the crisis happens. It is better to invest in preparedness than to wait and lose a lot of assets when the incident happens. The bigger the organization, the worse the readiness.
The mindset of Ethiopians toward technology-oriented solutions!
My father-in-law mentioned that "if nothing is happening, all is good". Cybersecurity is a complex domain that draws on many disciplines; however, it starts from the basics. In many cases, unless there is transparency into the security of the environment, attackers may go unrecognized and the organization doesn't know what is happening. So silence is the "status quo".
The industry never gets easier; with time it only becomes stronger and more complicated. Antivirus is no longer the only solution; people, process and technology have to come together in Endpoint Detection and Response (EDR). Organizations need to have at least a high-level EDR plan covering time to respond and how to respond. On top of that, continued training keeps professional experts familiar with any change and lets them learn incident handling by doing. Their readiness gives them the opportunity to take part in real situations while keeping up regular practice, molding them to handle larger and more complex situations.
One of the critical aspects of being a well-secured organization, beyond having well-trained professionals, is having a technology-oriented solution that gives overall visibility into the infrastructure, so that the organization can prepare, be ready to respond, and discover any uninvited guests, detecting and responding in a timely manner.
Building a well-practiced team that understands the current situation starts at home: look at what you have, improve it, and add to it to make it better. A stress test works well as a tabletop test; combine it with legal issues so that the team won't mishandle data privacy.
Making mistakes molds expertise extraordinarily!
Once you create a culture of continuous training, make sure to evaluate how all internal stakeholders, from a compromise to a big incident, have performed their duties with respect to their roles. Under any circumstances organizations will face a cyber attack; it is not a question of why but of when. So any organization needs a proactive approach to multidimensional attack vectors and needs to learn from them. Making mistakes molds expertise, and experts or any other staff of the organization should be encouraged not to be nervous about failure, because it is good to understand early where the deficiencies are so that one can work on them early. Work on what you find out, authenticate it and move forward.
Once the incident happens, timely communication is the key to building the trust of customers and stakeholders. Rather than panicking, it is advisable to understand what happened and when. That puts the response team in a good position to prepare for the future. A planned process and continuous training allow the organization to respond in a timely manner.
Business owners have to understand the overall cyber risk and participate in the planning process. Treating an incident or any cyber attack as an IT problem is not the way to protect one's own assets; all stakeholders need to participate proactively according to their roles. The IT department should also be made aware of any system acquisition outside of its responsibility so that shadow IT won't emerge.
What then, once it has happened?
Perfection is not something anyone can achieve continuously. As human beings we are known to learn from others; however, during an incident response you unfortunately don't get the chance to learn from others. Follow cybersecurity attack news actively and prepare by learning from others' mistakes. According to Brazil's airport authority via ABC News, "(Friday 27.5.2022) it has notified the Federal Police over an apparent hack into electronic displays at an airport in Rio de Janeiro. Instead of advertisements and flight information, travelers were shown pornographic movies".
Benefit from the information available about business-critical incidents: learn from them, be prepared, and make sure you have that mindset. Speed is of the essence in incident response, as is communicating with the responsible people once you understand that an incident has happened, for the benefit of the company.
You can build up-to-date cybersecurity readiness with basic tools
Without proper cybersecurity training, staff could be the biggest threat to any organization's security. Organizations can reduce their risk of successful cyber attacks by training their employees on a regular basis and giving them an "always ready" mindset. I leave you with the top four basic tools for defending against cybersecurity threats. I believe these are very important issues that any organization should know and consider implementing without any hesitation.
Add password security questions alongside the password policy to raise the security level and defend against fake answers.
Teach staff to pay attention to phishing scams so that they won't work on your organization's users.
Activate two-factor authentication as a primary way to keep sensitive accounts safe.
Don't use public Wi-Fi, because it jeopardizes your security or credentials.