In a market that is relatively new to emerging technologies, the cybersecurity leader at Ernst & Young in Singapore recommends that all companies must have a response mechanism in place that deals with how to react to any cyber attack, including communication to both internal and external stakeholders.
On Monday morning, Honda was forced to halt production at one of its Japanese plants following the discovery that its systems were hit with the WannyCry cyber-attack. When the news broke, the company stock price fell from US$ 27.71 to US$ 27.59. The plant in question is just north of Tokyo and produces over 1,000 vehicles a day, including the Honda Accord and the Odyssey Minivan. While other plants have remained unaffected, the situation has become far too common in a new reality where integrated systems require end-to-end encryption to preserve the integrity of business operations.
While the situation could have been prevented had Honda opted to install a policy around authentic software across all plants, similar attacks require much more to prevent harm.
"Essentially if we look at the Ransomware that's been out there, a lot of targeting is based on the malicious malware and it is also targeting vulnerabilities in operating systems or applications," said Gerry Chng, the Asean cyber security leader for Ernst & Young in Singapore. "So one of the key things that organizations and individuals need to do is to make sure their software is updated. That would definitely help in a lot of situations. It won't solve all the possible situations because there could still be ransomware and malware that's been written using vulnerabilities that are yet unknown."
Chng advises companies to develop sensing capabilities that seek to understand what is happening and trying to get in, the resist and protection mechanisms, and the reaction. "In response, it's about 'how do you recover from the damage that has been done?'," he said. "There will also be aspects of corporate communication to go out, especially in today's social-media world. If you remain silent when the whole internet is making speculations, that's where reputation damage can be done and it's very hard to repair."
So, if nothing else, Chng suggests that business should consider and map out scenarios that outline their response mechanism to an attack before it happens. He recommends that companies go through exercises that practice what the company representatives would say and do in the event of an attack.