How To Answer The Board’s Cybersecurity Questions
The rise of cyber attacks in every industry has prompted long overdue conversations from board members regarding cyber security. If you’ve found yourself wondering how to answer the board’s cybersecurity questions, then this one is for you. Fleet Defender, like many companies, has a board of directors. We spoke with our board members who sit on boards of other technology and logistics-focused companies to understand what questions they’ll be asking their executives with regard to cybersecurity, and specifically automotive cybersecurity.
This topic will become increasingly important as the SEC is expected to finalize rules for publicly traded companies that will require boards to disclose significant information on cyber governance. Understanding the questions that may be asked can help you create a proactive strategy.
🧠 Think on it: What questions do you predict your board will ask regarding cybersecurity in 2023? What should they be asking?
Do we believe we have any liability of cyber attack in the next 12 months?
Why It Matters:
Cyber attacks are increasing at an alarming rate across all industries, especially Health Care, Supply Chain Logistics, and Transportation. The ability to halt or hold business operations for ransom has become a lucrative business for bad actors. Ransomware is predicted to cost victims over $265 billion by 2031.
Find The Answer:
Establishing the probability of a hit can be difficult. Determine your liability with a risk assessment. Use these existing tools from the Cybersecurity and Infrastructure Security Agency (CISA).
Dive Deeper: Key features of a risk assessment
- Scope: What is included in the risk assessment? Identify which systems are mission-critical and start there.
- Risk Identification: Create a network architecture diagram from your asset inventory list. Utilize the Cybersecurity and Infrastructure Security Agency (CISA) tools to understand the current threat landscape and identify what type of attack can happen on assets and the consequences if the attack occurs.
- Risk Analysis: Determine the probability of an attack based on the discoverability, exploitability, and reproducibility of threats. Assess these threats based on vulnerability rather than historical occurrences. Rate the threats.
- Risk Evaluation: Prioritize risks and tasks. What mission-critical systems take priority to ensure protections are in place to reduce the risk of a cyber attack? Prioritize by determining what systems will remain vulnerable to attack if left unchanged and what are the consequences if the vulnerabilities are exploited.
- Documentation: Document all identified risk scenarios in a risk register. Regularly review and update the risk register. Include the risk scenario, identification date, current risk level, treatment plan (the plan to bring the risk within an acceptable risk tolerance level and the investment needed), progress status of the treatment plan, residual risk (risk remaining after the treatment plan), and the risk owner.
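To make the Risk Analysis, Risk Evaluation and Documentation steps above concrete, here is an added example (not code from the original post or from Fleet Defender) of a small risk register in Python. It rates each scenario on the three threat properties the post names (discoverability, exploitability, reproducibility), multiplies that likelihood by impact, sorts the register by current risk, and tracks treatment plans and residual risk against a tolerance level. The 1-to-5 rating scale, the tolerance value of 8, the rating thresholds and the three sample scenarios are all assumptions constructed for the example.

```python
"""Minimal risk register with likelihood x impact scoring (added example)."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Assumed rating scale: every factor is scored 1 (low) to 5 (high).
# The post names the factors but not a scale, so this is an assumption.
RISK_TOLERANCE = 8.0  # assumed: a score above this needs a treatment plan


@dataclass
class RiskScenario:
    """One row of the register, carrying the fields the post lists."""
    scenario: str
    owner: str                    # the risk owner
    discoverability: int          # how easily the weakness is found
    exploitability: int           # how easily it is exploited
    reproducibility: int          # how reliably the attack repeats
    impact: int                   # consequence if the attack occurs
    identified: date = field(default_factory=date.today)
    treatment_plan: Optional[str] = None   # plan and investment to reach tolerance
    treatment_status: str = "not started"  # progress status of the treatment plan
    residual_risk: Optional[float] = None  # risk remaining after treatment

    def likelihood(self) -> float:
        """Probability rating: mean of the three threat-property scores."""
        return (self.discoverability + self.exploitability + self.reproducibility) / 3

    def current_risk(self) -> float:
        """Current risk level = likelihood x impact, on a 1-25 scale."""
        return round(self.likelihood() * self.impact, 1)

    def rating(self) -> str:
        """Coarse label for board reporting (thresholds are assumed)."""
        score = self.current_risk()
        if score >= 15:
            return "high"
        if score >= RISK_TOLERANCE:
            return "medium"
        return "low"

    def effective_risk(self) -> float:
        """Residual risk only counts once the treatment plan is complete."""
        if self.treatment_status == "complete" and self.residual_risk is not None:
            return self.residual_risk
        return self.current_risk()


class RiskRegister:
    def __init__(self) -> None:
        self.entries: List[RiskScenario] = []

    def add(self, entry: RiskScenario) -> None:
        self.entries.append(entry)

    def prioritize(self) -> List[RiskScenario]:
        """Risk evaluation: highest current risk first."""
        return sorted(self.entries, key=lambda e: e.current_risk(), reverse=True)

    def treat(self, scenario: str, plan: str, status: str, residual: float) -> None:
        """Record or update the treatment plan for one scenario."""
        for e in self.entries:
            if e.scenario == scenario:
                e.treatment_plan, e.treatment_status, e.residual_risk = plan, status, residual
                return
        raise KeyError(scenario)

    def above_tolerance(self) -> List[str]:
        """Scenarios whose effective risk still exceeds the tolerance, worst first."""
        return [e.scenario for e in self.prioritize() if e.effective_risk() > RISK_TOLERANCE]


def build_sample_register() -> RiskRegister:
    """Constructed sample scenarios for a fleet operator (not real findings)."""
    reg = RiskRegister()
    reg.add(RiskScenario("Unpatched internet-facing telematics gateway", "Fleet IT lead", 5, 4, 4, 5))
    reg.add(RiskScenario("Phishing leads to stolen dispatcher credentials", "IT security", 4, 4, 5, 3))
    reg.add(RiskScenario("Shared local admin password on depot workstations", "IT operations", 2, 3, 3, 2))
    return reg


if __name__ == "__main__":
    reg = build_sample_register()
    for e in reg.prioritize():
        print(f"{e.current_risk():5.1f} {e.rating():6} {e.scenario} (owner: {e.owner})")
    reg.treat("Unpatched internet-facing telematics gateway",
              "Patch gateway firmware; move management port behind VPN", "complete", 6.0)
    print("Still above tolerance:", reg.above_tolerance())
```

The register answers the board's question in one line: `above_tolerance()` lists what is still outside the agreed tolerance after treatment, and `prioritize()` gives the order in which mission-critical systems should receive investment. Residual risk is deliberately ignored until the treatment status is "complete", so a plan that exists only on paper does not lower the reported risk.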
Do we have a mitigation or incident response plan in place?
Why It Matters:
A good incident response and recovery plan covers a prioritized list of tasks and the people who should be contacted, in order. A good plan can help mitigate negative press and continuing damage to the business and its reputation, and can help avoid fines.
Find The Answer:
Create a mitigation and response plan using existing tools. Get started with CISA’s Cybersecurity Incident & Vulnerability Response Playbooks.
Dive Deeper: The six phases to include in your incident response and recovery plan
- Phase 1 – Prepare: The best way to ensure good performance is with good practice. Conduct training and drills with your employees so they understand their responsibilities within a breach scenario. Assign responsibilities to team members. The plan should name the team leader, the lead investigator, the communications leader, the C-suite representative, legal counsel, and breach response experts. Create your emergency contact and communications list. Create a forensic analysis list.
- Phase 2 – Identify: Do you have the systems currently in place to determine if you’ve been breached? Fleet Defender is one monitoring and detection solution to identify if a breach or attack occurs on your platform so you can take action to prevent the attack from succeeding. Learn more about the Fleet Defender onboard system for platforms here.
- Phase 3 – Contain: If you determine a breach has occurred the next step is containment. Like any crime scene, it’s important to get control of the scene without destroying important forensic data. Don’t wipe the system yet. Identify the inadequate policies and procedures that led to the breach.
- Phase 4 – Eradicate: Remove malware, harden, patch systems, and provide updates. Work with a third party if needed to ensure all malware is removed. Return to baseline configuration if necessary.
- Phase 5 – Recover: Once you have identified how the breach occurred and made the appropriate changes to harden your defenses against future attacks, test the system before reintroducing it into production or normal operations.
- Phase 6 – Review: After the forensic investigation, meet with all incident response team members and discuss what you’ve learned from the data breach. Revise the incident response plan as needed.
Is there anything we can do proactively to defend against cyber attacks?
Why It Matters:
There are many existing systems on the market to harden your cyber defenses. The cost of these systems is decreasing.
Find The Answer:
Determine the systems you’re using today and evaluate their adoption. Low-cost and free defenses include Multi-Factor Authentication, password managers, software updates, and training. Additional systems like Fleet Defender offer on-platform protection for low monthly costs.
Know Your Options: Here is a list of the most common and top-rated cyber-defense options
- Implement a Zero Trust policy
- Enable Multi-Factor Authentication
- Conduct Phishing Email Training
- Conduct Regular Penetration Testing
- Keep Software Up-to-Date
- Utilize a Password Manager like 1Password, Dashlane, or LastPass
- Fleet Defender: Real-time monitoring and defense for sea, land, air, and space platforms and vehicles
What is the cost of Cyber Insurance? Are there ways to reduce insurance costs?
Why It Matters:
Cyber insurance is not included in most general liability policies. Additional cyber insurance can be costly. Understanding ways to reduce this cost can have a significant budget impact.
Find The Answer:
Discuss your cyber security coverage with your insurance broker. Inquire about reductions in rates by conducting anti-phishing training or installing systems like Fleet Defender.
By The Numbers:
- Current research on cyber insurance and changes to liability insurance.
- Cyber insurance premiums increased by 28% in the first quarter of 2022 compared with the fourth quarter of 2021.
- Most general liability insurance plans won’t cover the cost of a cyber breach.
- Cyber insurance costs have factors including the type of business, size of company, industry, amount of sensitive information the company maintains, annual revenue, strength of security measures, coverage level, deductible, and claims history.
- Reduce cost by using antivirus, VPNs, and having a risk assessment and response plan. Use systems like Fleet Defender.
Can we afford to continue to ignore these threats?
Why It Matters:
The average monetary cost of a cyber attack was $4.35 million in 2022. Ransomware attacks cost an average of $4.54 million in 2022. There are non-monetary costs to a cyber attack including reputation and safety.
Find The Answer:
Developing a zero-tolerance approach is unrealistic. Utilize your Risk Assessment to prioritize your current vulnerabilities. Understand what is required when filing a cyber insurance claim. Communicate the importance of good cyber stewardship to the team.
By The Numbers:
- Cybercrime costs will grow 15% per year. Cybercrime will cost the world $10.5 trillion annually by 2025.
- Average cost of a ransomware breach was $4.54 million in 2022.
- Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of IP, theft of PII data, fraud, and risk to human life with regards to telematics.
- Average cost of a tractor-trailer accident pulling one trailer is $172,292. A fatality costs over $7.2 million.
- Average cost of a data breach in critical infrastructure organizations was $4.82 Million.
- What is our tolerance for the financial and human impact of getting hit?
Conclusion
Understanding how to answer the board’s cybersecurity questions starts with understanding the tools and frameworks that create good cyber governance. Many of these tools and frameworks are free to use and download. If you have any questions about creating a simple cybersecurity plan or need help answering a particularly difficult question from your board give us a shout on our contact page.