The Universal Requirement for a Cyber “Fire Brigade”
Based on Present Need and Historical Precedent
The annual probability of a person experiencing a fire is 1 in 3000; the odds of a cyber attack are 1 in 3. And yet, the majority of businesses remain unprepared to respond to a cyber incident.
Despite the almost universal presence of fire prevention measures in offices worldwide, modern businesses still expect and even demand 24/7 access to fire responders at a moment’s notice. Why then have we not reached the same level of maturity, readiness, and response for more frequent and potentially even more financially damaging cyber incidents?
In the following article, we explore the historical failures and evolution of the fire risk management industry alongside the rapid development of cyber threats worldwide to propose that there is a clear and present need for a modern cyber “fire brigade”.
Cyber attacks are a relatively new phenomenon, arising in the 20th century and representing a serious threat in the 21st. Thus, the awareness and capabilities for handling these attacks are not yet as established as they are in other fields—though they are rapidly improving.
Even the formal role of a firefighter is a historically recent one. Prior to the 1600s, individuals and businesses alike were more or less expected to prevent and handle fires on their own. It was not until the Great Fire of London (and the devastating financial loss that followed) that the private sector shifted its perspective on fire safety, fire insurance, and the importance of maintaining trained fire response specialists on call.
In fact, we believe the history of the fire insurance and firefighting industries provides insightful and compelling historical precedent for both the present and future of cyber incident response.
Before the fire brigades…
In 1666, the city of London almost completely burned to the ground. The root cause: a baker’s oven and the practice of building almost exclusively with wood. The event is known as The Great Fire of London.
With no fire brigades established at the time, Londoners had to fight the fire themselves with buckets of water. While few deaths were recorded, some estimates place the destroyed property value at over USD 2 billion in 2021.
Following the fire, much of London needed to be rebuilt—requiring sums of money most people did not have. From this devastating experience, fire insurance was born. The first insurance company, the Fire Office, was set up in 1680 and was soon followed by others. By 1690, one in ten houses in London was insured for fire-related damages.
These newly established fire insurers quickly realized that effective fire response was far less expensive than paying for badly damaged properties. As such, the private sector established the first fire brigades, employed by the insurers to minimize damage and reduce financial loss.
These insurers held reciprocal arrangements, such that the fire brigade of one insurer would be reimbursed if responding to a fire insured by another. Before long, the major insurers recognized the value and efficiency of building a single, unified force to watch over London. Thus, in 1833, the London Fire Engine Establishment was created.
Most businesses today are like 1600s Londoners—futilely facing cyber “fires” with the digital equivalent of water buckets.
However, in the same way that fire insurance and firefighting only took shape in the aftermath of a major fire incident, cyber insurance and incident response have also quickly developed in the wake of growing cyber threats worldwide.
While cyber attacks initially emerged as minor disruptions to digital systems, recent incidents have achieved almost biblical scale. Some of the great cyber attacks of today include the 2017 WannaCry ransomware attack, which disrupted the global healthcare industry and caused over USD 4 billion in damages worldwide, and the recent attacks that led to the most expensive ransom demands in history, namely the CNA Financial attack at USD 40 million and the Acer attack at USD 50 million.
At Blackpanda, we believe the overwhelming rise in cyber attacks requires a proportional prioritization of response and risk transfer solutions beyond prevention alone. Preventive measures are regularly proven insufficient for thwarting cyber attacks. As such, fast and efficient cyber incident response is essential to limiting long-lasting damage to your organization.
The world, and Asia in particular, requires a new approach to cyber security.
Prevention Alone is Futile
Prior to the Great Fire of London, people relied heavily on prevention to manage fire risk. However, preventive measures alone will never fully eliminate any risk, nor can they prevent the baker next door from spreading fire to your doorstep.
Systems fail, employees make mistakes, and third parties regularly introduce new vulnerabilities to your business.
The NIST framework—viewed as the gold standard in cyber security—defines the five pillars that support holistic and successful cyber security planning. These pillars are: ‘Identify’, ‘Protect’, ‘Detect’, ‘Respond’, and ‘Recover’.
While important, the largely preventive ‘Protect’ and ‘Detect’ pillars account for only two-fifths of a comprehensive cyber security strategy. The last mile of ‘Respond’ and ‘Recover’ is equally (if not more) essential to avoiding disastrous consequences, because perfect prevention cannot logically be expected in cyber security any more than in fire safety.
For example: even if I build a 10,000-meter-tall wall around my home, a thief only requires a 10,000-meter-tall ladder to infiltrate my defenses. As is the case in cyber security, walls take significantly more time and resources to build than ladders, and cyber attackers are evolving their tactics by the hour.
Truly persistent attackers will successfully penetrate their targets in the end. Our job as incident responders is to stop them in their tracks and remove them as quickly as possible.
Not Just Large Enterprise Firms—SMEs Face More Existential Cyber Risk
Large, cyber-mature organizations such as banks and multinational corporations understand that no risk can ever be fully eliminated. As such, these firms regularly employ full-time, in-house cyber security incident response teams (CSIRTs) devoted entirely to the detection of and response to cyber threats against their businesses—in addition to their general IT specialists.
However, the fact that large firms can afford to maintain in-house teams for immediate and dedicated support does not imply they are the only organizations with a need for specialized response. In fact, about 40% of all cyber attacks are against small and medium enterprises (SMEs), with 63% of SMEs experiencing a cyber attack in the last year alone.
Furthermore, SMEs arguably face greater existential risk with significantly less financial resilience to bounce back from a breach.
Every business, no matter its size, requires specialist cyber security incident response support on call for the variety and scale of cyber “fires” it might face. In the same way that building managers should not be expected to specialize in response to every kind of gas, oil, grease, electric, or any number of other fire classifications, neither should a general IT specialist be expected to manage every variety of cyber threat that crosses their screen.
In all cases, maintaining an auxiliary cyber “firefighting” team on backup—whether in-house or retained—is the most effective way to ensure your business survives an incident.
Blackpanda is Asia’s Friendly Neighborhood Cyber “Firefighting” Team
Our incident responders are located across Asia like fire stations, able to provide on-site support to clients in the event of a security breach.
Like the brigades of 17th century London, we partner with cyber insurance providers to deliver a more comprehensive cyber risk management solution to cover that “last mile” of response and recovery for businesses of all types and sizes across Asia-Pacific.
This is the ultimate purpose of Blackpanda: to have your back in your greatest time of need. When your walls are breached despite all the best preventive efforts, we are standing by in the shadows, ready to extinguish your digital “fires”.