When to pull the plug on an ecommerce site

The Tesco website outage late last year reminded us of the fragility of enterprise cyber security. While organisations in every sector are at risk, cyber criminals often choose their targets based on the potential to cause disruption at scale and in the full glare of negative publicity.

Those reliant on ecommerce services are prime candidates for attack. Not only can a breach bring an immediate and major financial impact, but the disruption is often amplified by customers sharing justifiable concerns about whether their data is safe and when services will be restored.

Adversaries rely on the pressure this puts on organisational leadership – some of whom must determine when to pull the plug on their ecommerce sites. Doing so is, of course, not always at the behest of the CEO or chief information security officer (CISO) – the decision can be taken for them if an attack is particularly effective or poorly defended.

To explore the issues, I spoke to Dougie Grant , a cyber security veteran with 25 years’ experience, with the last five spent in the NCSC Incident Management Team before becoming a director at UK-based Nihon Cyber Defence.

To be better prepared, he believes leaders first need to engage with cyber security more effectively. “In the past, organisations have dealt with cyber attacks as a matter only for the CISO,” said Grant.

Instead, they should be treated as business-wide crisis management incidents and addressed with a holistic response led by the CEO. This should include finance, communications and legal teams, and, ideally, every internal stakeholder must be involved in the planning process and fully understand their role when a crisis hits.

That’s a key point. Yes, the CISO is critical in addressing the technology issue and driving the recovery process. And while, ultimately, it will be the CEO who gives the final […]

Click here to view original web page at www.computerweekly.com

On y est presque!
À quelle adresse dois-je vous envoyer le Guide?