In the ever-evolving landscape of cybersecurity threats, it's crucial for organizations to prepare for potential cyberattacks. In this article, we explore key takeaways from "Ghost in the Machine", an episode from Apple TV’s “The Morning Show”. Although fictitious, it sheds light on the importance of proactive measures and strategic planning in the face of cyber threats, and touches on three critical aspects of cybersecurity: Bring Your Own Device (BYOD) policies, incident response planning, and the role of the Board in managing cyber risks.
In this episode, we witness the chaos that ensues when a cyberattack disrupts the daily operations of a fictitious news network. The episode begins with news anchors interviewing one of their colleagues. As they engage in light banter, the camera shifts to the control room, where the technical team manages the show's production. However, a peculiar incident unfolds as the cursor on the computer screen starts moving on its own, seemingly without human intervention.
Suddenly, the teleprompter goes dark, the control room doors lock, communication with the studio is lost, and the power is cut. Confusion reigns as the staff grapples with the unknown situation. It becomes apparent that the network is under a cyberattack. After power is restored, employees receive enigmatic emails on their devices. The CEO of the network is confronted with two emails—one demanding a staggering ransom payment of $50 million within 48 hours and the other revealing sensitive information in the attackers' possession.
While "Ghost in the Machine" is a sensationalized portrayal of a cyber incident, it provides a backdrop to discuss real-world cybersecurity challenges. Cyberattacks are not spontaneous events; they are typically the culmination of meticulous planning and reconnaissance by threat actors. Attackers infiltrate networks, gather intelligence, and gain knowledge about their targets before launching an attack that can bring an organization to a standstill.
This episode prompts us to consider three crucial aspects of cybersecurity:
The concept of BYOD has been gaining prominence in organizations since Intel introduced it in 2009 to accommodate employees who prefer to use their personal smartphones, tablets, and laptops for work. The appeal is clear; it can reduce capital expenditure for companies. However, BYOD comes with its own set of security and data loss concerns. What happens to the organization's data if an employee leaves, or if their personal device is lost or stolen?
Mobile device management was introduced to address these issues, allowing organizations to encrypt data on personal devices and remotely wipe it if necessary. However, during a cyberattack, any device connected to the network can potentially be compromised. In the case of "The Morning Show," employees are required to submit their devices for a 'cyber hygiene check' when the network is compromised. It serves as a stark reminder of the risks associated with BYOD.
Organizations should carefully assess these risks and implement strong BYOD policies. Routine testing and hardening of the network environment are essential to avoid learning lessons through actual cyberattacks.
In the world of cybersecurity, failing to plan is tantamount to planning to fail. Incident Response Plans (IRPs) are the key to effectively addressing cybersecurity events such as data breaches, data leaks, and cyberattacks. IRPs are not static; they need to adapt to the ever-changing environment of technology, roles, and responsibilities within an organization.
Regular review and refreshing of IRPs are crucial, as are routine training and testing of the plan through tabletop exercises. These exercises help organizations understand how to respond when faced with a cyber threat, minimizing panic and ensuring a coordinated response. Just as sports teams practice repeatedly, organizations should rehearse their incident response plans to build preparedness.
The role of the Board in cybersecurity has evolved significantly. In "The Morning Show," the Board was faced with a crucial decision: whether to pay the ransom or not. The question of ransom payments is increasingly a hot topic in boardrooms, as it can lead to frustration and disagreements during a cyberattack. Boards must understand that cybersecurity is an enterprise governance and risk issue, not merely a technical matter handled by IT.
Cyber threats can have a profound impact on an organization's valuation, making cybersecurity and data privacy boardroom governance concerns. Regulators, such as the U.S. Securities and Exchange Commission, are increasing oversight and requiring public companies to disclose cybersecurity-related risks. Downplaying or concealing the truth about an organization's cybersecurity posture can lead to severe penalties for both the organization and its individuals.
Paying a ransom becomes an ethical matter, as it can result in various sanctions in some jurisdictions. The U.S. Department of the Treasury, through the Office of Foreign Assets Control, advises organizations to pay ransoms only as a last resort. Boards must carefully consider these implications.
In the age of digitalization, cyber threats are a reality that organizations cannot ignore. To stay ahead, organizations must:
The events in "Ghost in the Machine" may be fictional, but they serve as a reminder of the evolving landscape of cyber threats. As we navigate the complexities of the digital world, it's essential to acknowledge that cyber threats are not confined to the realm of fiction. Organizations need to be proactive in safeguarding their assets and should collaborate with experts to effectively do so.