TÜV Rheinland Blog - Insights from Asia and Africa

Preparing for Unexpected Cyber Attacks

Posted by TUV Rheinland on Mar 2, 2022 10:55:09 AM
TUV Rheinland

Preparing for Unexpected Cyber Attacks |  TÜV Rheinland Recently, there has been an increasing number of cyberspace attacks reported in the media. What do companies need to do to protect themselves from such dangers? To start, companies should focus on strengthening the cybersecurity of their corporate infrastructure and IoT products. Click here to view Japanese article.

 

Cyber Attacks on Corporate IT - CSIRT
Due to the COVID-19 pandemic, many companies have introduced “Working from Home” policy for their employees. Thus employees are accessing internal corporate networks from outside the office. It is critical that companies fortify their cybersecurity management system to serve and protect their operations.

 

What is a CSIRT
Companies need to establish an internal taskforce called the “CSIRT”. CSIRT (Computer Security Incident Response Team) is a team that responds to computer security incidents. If you are hit by a cyber-attack, it will take time to recover, and in some cases, legal action may be required. Taking too much time to address the aftermath of a cyberattack makes it difficult to continue operating a business. It also damages a company's brand and credibility. The important thing is to build a defence system, be able to recover quickly and regain the trust of your customers.

 

Respond quickly as a team: A rigorous response in every aspect of the organization including HR systems, Internal Tools and Processes
Cyber ​​security incidents cannot be dealt with by security experts alone. It is important to establish a system where every department can quickly cooperate and respond, such as contacting senior management and sharing information between departments.

1. Organization Clarify the departments involved in case of an accident

2. Employee Clarify the areas of responsibility of each member

3. Tools Identifying in-house tools that require cyber security measures

4. Process Build necessary processes such as reporting when an accident occurs, investigating, analysing attacks, responding to recovery, and formulating recurrence prevention.

 

Cyber ​​Attacks on IoT Products - PSIRT
With the development of communication technology, it is now very convenient to connect different independent devices. However, cybersecurity threats increase as the number of IoT devices increases. Being always connected to a network means that you are always a possible target for cyber-attacks.

 

What is PSIRT
It is critical to create a taskforce called the PSIRT to deal with cyber security measures required for IoT device development. PSIRT (Product Security Incident Response Team) is a team that responds to product security incidents. In the world of IoT devices, where technological progress is remarkable, product development methods have changed significantly from traditional methods, making it difficult to complete all development with our own resources.

Specifically, OTS (Off The shelf Software: commercial software such as Windows) and OSS (Open Source Software) are used, and the outsourcing of developing smartphone applications are becoming more common. Therefore, even if it is an in-house product, there will be components that will eventually become potential security threats. In order to ensure the security of IoT products, PSIRTs are required to support the entire life cycle of product development: from formulation → design → implementation → testing → post-shipment support.

 

Cross-sectional team - Clarify what you can and cannot do to reduce operating costs
Product cyber security measures are not completed solely by the response of individual departments. Other departments are involved as well - such as a sales / maintenance team that has many opportunities to interact with customers, a legal team that examines legal requirements, a public relations team that handles communication in the event of an accident, etc. It is necessary for both internal and external stakeholders to work together as one. Above all, support from management is the key to success.

 


At TÜV Rheinland, cybersecurity experts are available to meet the
challenges of our manufacturing customers’ cybersecurity needs!
🔎 Visit us website for more information

Alternatively, email us at info@jpn.tuv.com to connect with our experts.