Flash to bang is typically associated with the time between a lightning strike and the thunder that follows. This is used to estimate how far away the lightning strike is. In the security world we can use the same analogy: the flash is the initial compromise, and the bang, well, that could be ransomware across the entire network.
It is evident that over the last couple of years the average time between flash and bang has become significantly shorter. According to the latest CrowdStrike Threat Report titled “Nowhere to Hide”, the average “Flash to Bang” is just 1 hour 24 minutes, down from 4 hours 37 minutes in 2020. For most organisations, this means the time available to detect, investigate, and remediate is now shorter than ever.
How do you prepare your organisation and security team in the event a cyber-attack occurs? In relation to the ‘bang’ analogy, there are three key distinct areas of focus.
Given the time between “flash to bang” is so short, it makes sense to focus on the left of bang. The priority should be to make it as hard as possible for the flash to occur and to reduce the bang, because let’s face it, it’s not a matter of if but when.
So, how do you make it harder for the adversary and where do you start? Below are a couple of recommendations:
- Regular Backups – Regular backups should occur and the time between backups should be defined in your backup policy. In the event a cyber-attack occurs or disaster strikes, being able to restore basic business functions sooner will likely reduce the financial impact.
- Staff Security Awareness Training – This should be delivered annually to existing staff and as part of the onboarding process for new employees. The content of the training should be tailored towards specific groups of personnel; for example, HR, IT and Finance may all have extra responsibilities beyond those of a normal employee.
- Vulnerability Management – A good vulnerability management tool should be employed to identify vulnerabilities. A vulnerability management process should also be defined to review and remediate them, ultimately reducing the attack surface.
- Incident Response Plan – “Failing to plan is planning to fail”. Having an incident response plan is not enough; the plan should be tested periodically to ensure any gaps are identified and addressed. Testing also helps to build confidence amongst the teams involved in an incident, should it occur.
The above are just a few examples but are a good place to start. Ultimately, to have the best chance of improving your security posture, you need the support of the senior executive team.