Cybercrime and Cybersecurity
According to the National Cyber Security Centre (NCSC), ransomware attacks in the UK have drastically increased since 2020. The number of ransomware attacks reported in the first four months of 2021 was around the same as the number in 2020 (E&T). These kinds of attacks are only increasing and threaten major disruptions in the supply chain. The DCMS Cyber Security Breaches Survey reports that “39 percent of all UK businesses reported a cyber breach or attack in 2020/21” (E&T). If I were a leader in the US Cybersecurity and Infrastructure Security Agency (CISA) and the UK contacted us for help due to the increasing ransomware attacks, this would be my plan of action.
For the commercial facility sector, I would apply the NIST Framework for Improving Critical Infrastructure: Cybersecurity Framework Implementation Guidance (U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency). In my attempts to help the UK’s commercial sector I would first follow the Framework provided by NIST. The Framework has five key functions: Identify, Protect, Detect, Respond, and Recover.
- As a leader, I would hire the best team we could afford. Once our team is established, we will first Identify the key risks in cyberspace that the commercial sector is currently being exposed to. We would then identify what assets, data, and systems need the highest form of security within these commercial sectors. We will also notify local and national governments to establish a working relationship for any needed assistance to reach the goal of top security for the commercial sector.
- Then we will implement Protection for those assets that we identified as the top priority by ensuring that safeguards are set in place. We would identify who has access control over particular systems and determine how those controls are managed.
- Next, we will implement the necessary hardware and software security on the appropriate systems, as well as employee security awareness training, to help Detect cyber security breaches and attacks.
- We will then establish a crisis and Response plan that provides an organized approach when a cybersecurity event does take place. We will provide essential communications promptly when a cybersecurity event occurs, as well as improvements for different defense strategies.
- And lastly, we will develop a Recovery Plan to re-establish business operations after a cyber incident has occurred. We will review the cyber incident and innovate new strategies and policies to help prevent similar incidents in the future.
Scenario:
When a phishing attack occurs, our team would first identify what email the phishing attack originated from. From there, we would analyze the email and determine what social engineering strategies or malware-based strategies were used and send an urgent memo to warn staff about the current phishing email going around. Our team would then attempt to contain any unauthorized access resulting from the phishing email. Once it is contained, our team will do what is necessary to eradicate remnants of a possible breach, so it doesn’t turn into an attack. We would then follow the recovery plan that is set in place and restore from our backups any systems that might have been damaged during the incident. Once the incident is cleared, we would then do a post-incident review to understand how the event occurred and how we can put better detection and prevention strategies in place to help avoid any similar event in the future. These steps are like cyber operations in the military sector; however, the non-military sector does not take offensive measures, as it does not have the proper authority to take those kinds of actions.
Resources:
Cybersecurity and Infrastructure Security Agency. “Commercial Facilities Sector: Cybersecurity Framework Implementation Guidance”, U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency, May 2020. https://www.cisa.gov/sites/default/files/publications/Commercial_Facilities_Sector_Cybersecurity_Framework_Implementation_Guidance_FINAL_508.pdf
E&T. “Ransomware is cyber-criminals’ weapon of choice; UK retail facing barrage of attacks”, November 2021. https://eandt.theiet.org/content/articles/2021/11/ransomware-now-cyber-criminals-weapon-of-choice-as-uk-retailers-face-barrage-of-cyber-attacks/
Thompson, Eric. “Cybersecurity Incident Response”, Apress, September 2018. https://learning.oreilly.com/library/view/cybersecurity-incident-response/9781484238707/