Get to the (digital) bunker

I wish I could tell you it’s eventually going to stop, but I can’t. Because it isn’t.

I’m talking, of course, about cybercrime. If you’ve read any of my previous posts, you probably already knew that. Cybersecurity is what I do. But I don’t assume. And trust me—my confidence in this isn’t an assumption, either. It’s based entirely on the numbers.

Just look at them: Between 2018 and 2022, the total number of police-reported cybercrimes in a year in Canada rose from 33,893 to 74,073, according to Statistics Canada. Break that down by the various provinces and other specified localities and, in almost every case, the frequency of attacks doubled or more over those four years. And who knows how many incidents go unreported.

The most recent National Cyber Threat Assessment (2023-2024) summarizes the situation well: “Over the last two years, cyber security has become a top concern for Canadians. Ransomware incidents hit the headlines on an almost daily basis both in Canada and around the world. Our essential services are being disrupted, from hospitals and schools to municipalities and utility providers. Our personal and financial data are being stolen, traded, or leaked online. Our online spaces are being flooded with false information and divisive rhetoric.”

It all adds up. And up. And up.

Here’s the delicate part: the more your organization is dealing with the public—the more, that is, the public depends on your organization for goods and services—the greater the negative impact of a disruptive and destructive cyber breach. And that impact only worsens the longer your operations and/or services are down or otherwise compromised—beginning with lost revenue as your customers seek out alternatives and including carry-on costs from reputational damage and other implications related to the recovery from business interruption.

In other words, the longer the business is down, the more damaging and expensive it is to recover. Several high-profile incidents over the past couple of years serve to drive this point home.

In previous posts, I elaborated on the importance of preparedness when it comes to effective incident response. Having the ability to rally the troops and respond in a coordinated fashion has a direct correlation on the speed and cost of recovery.

But one of the central challenges and keys to a more effective and efficient response is for stakeholders to quickly communicate safely with each other and the ability to make the necessary decisions quickly. What if I told you there was a virtually surefire way to do this?

KPMG in Canada has teamed up with ShadowHQ for end-to-end cyber security response capabilities that can help protect you better. They provide an “out-of-band digital bunker”—an independent and secure platform that can house all your incident response information and enable coordinating activity, allowing you to navigate a cyber breach in a more coordinated and programmatic manner.

“We call it a digital bunker,” says ShadowHQ CEO Nick Scozzaro, “because it’s a place where the hackers can’t follow. It’s disconnected by design from the infected and compromised environment, therefore blinding your attackers and allowing you to take back control.”

Picture it: It’s 2am, you just got one of the worst calls you’re ever going to get (you’re under cyber-attack!), and you might be moving more gracefully if your emotions weren’t so high, and you weren’t afraid to panic and make a mistake. But log in to your fully equipped digital bunker, pull the alarm and a pre-coordinated response is set in motion.

This can be done if you already have a safe store of the policies and playbooks that KPMG helped you build and test in the first place—if, that is, you already have a digital bunker. Once activated, the platform identifies and loads into operation all the tasks that need to happen in the order in which they need to happen, and then makes them happen. Think practical: instead of an individual having to personally contact the 25 people officially on-call, a multi-channel blast is automatically sent out to them.

“It's about removing the real-time human decision element,” says Nick, “and trying to automate all those things sequentially. Even with all the usual planning, a conventional response effort often takes hours just to get started.”

In other words, pair the prevention, preparation, and detection capabilities you’ve already come to depend on with a digital bunker, and it could become easier to:

• Quickly mobilize and communicate with and among teams
• Access the business continuity plan to determine priorities
• Maintain visibility and collaboration
• Keep leadership informed
• Maintain records for event post-mortem, reporting requirements and table-top planning.

Ultimately, it’s about moving from the “left of boom” to the “right of boom” without any other booms getting in the way.

The way I see it, this is a significant game-changer. Hard numbers on average timelines are difficult to pin down, but it’s estimated that the use of a digital bunker for cyber incident response can increase recovery speed by as much as a factor of three. It’s also useful for other kinds of digital disruptions that aren’t necessarily the result of cybercrime—like a critical IT device simply malfunctioning and your system going down through no one’s fault at all.

Whatever the case, having that bunker primed and at the ready can allow you to respond and recover more effectively and efficiently than ever, helping reduce business outages and stopping the bleeding as soon as humanly possible.

So, when the inevitable strikes, get to your digital bunker ASAP—so you can more quickly get back to normal.