What are the most common types of cyber attacks?

The most common types of cyber attacks include phishing, malware, ransomware, and distributed denial-of-service (DDoS) attacks. Each of these exploits vulnerabilities in systems, software, or human behaviour to achieve their goals.

What motivates cyber attackers?

Cyber attackers are driven by financial gain, political objectives, personal vendettas, or the intellectual challenge of overcoming security measures.

Who are the typical perpetrators of cyber attacks?

Cyber attacks are carried out by individual hackers, cybercriminal organisations, nation-state actors, hacktivists, and insiders who misuse their legitimate access.

What are the signs of a cyber attack?

Signs of a cyber attack include unusual account activity, system slowdowns, unauthorized access alerts, unexplained data changes, and suspicious network traffic.

How can businesses protect themselves from cyber attacks?

Businesses can protect themselves by regularly updating software, training employees, enforcing strong password policies, using firewalls and intrusion detection systems, encrypting data, and conducting regular security audits.

What is simulation in cyber security?

Simulation in cyber security involves creating realistic, controlled environments where organisations can test their defences against cyber threats, mimicking real-world attacks.

What are the objectives of cybersecurity simulation training?

The objectives of cybersecurity simulation training are to identify vulnerabilities, enhance incident response strategies, and ensure staff are prepared to handle cyber threats.

What are services in cyber security?

Cyber security services include threat assessments, penetration testing, security monitoring, incident response, and advisory services to protect an organization's digital assets.

What is cyber crisis simulation?

Cyber crisis simulation is training where an organization undergoes a mock cyber attack to test and refine their crisis management plan.

Strengthening the Digital Defences: A Strategic Imperative for C-Suite and Boards in the Face of Cyber Threats through Cyber Attack Simulation

Sep 04 , 2024

| Greg Spencer

The recent cyber attack on DP World’s Australian ports has sent shockwaves through the business community, highlighting the critical vulnerabilities that can disrupt even the most robust operations. For C-suite executives and board members, this incident serves as a powerful reminder that cyber security is no longer just a technical concern—it’s a strategic imperative that demands your direct oversight and involvement.

As leaders responsible for safeguarding your organisation’s future, you must recognise that cyber threats are evolving faster than ever before. The question is not whether your company will be targeted, but when. The financial, operational, and reputational damage from such an attack can be catastrophic, making it essential that you are prepared not just to respond, but to anticipate and prevent these threats.

At Beyond Technology, we specialize in empowering executives like you to lead the charge in fortifying your organisation’s cyber defences. Our suite of services is designed to elevate cybersecurity from a back-office function to a boardroom priority. One of the cornerstone offerings in our strategy is the Cyber Attack Simulation service, which allows your organisation to experience and respond to a simulated cyber attack under realistic conditions. This not only tests your current defence plans but also provides invaluable insights into potential vulnerabilities, ensuring that you are not caught off guard when the real attack occurs. Thorough assessments and simulations can inform businesses about the value and effectiveness of their security investments, ensuring resources are allocated efficiently to mitigate risks.

The DP World attack underscores the urgency of this approach. It is clear that companies must move beyond compliance checklists and towards a proactive, strategic stance on cybersecurity. For board members and C-suite executives, this means taking an active role in guiding your organisation’s cybersecurity strategy, ensuring that it aligns with your overall business objectives and risk management frameworks. By partnering with Beyond Technology, you can lead your organisation confidently into the future, knowing that you have taken the necessary steps to protect your operations, reputation, and bottom line from the growing threat of cyber attacks.

The DP World Cyber Attack - A Strategic Risk Highlight

The cyber attack on DP World’s Australian operations in November 2023 was more than just a wake-up call—it was a stark illustration of the strategic risks that cyber threats pose to critical infrastructure and the broader economy. For C-suite executives and board members, this incident underscores the need for a proactive and strategic approach to cybersecurity, one that transcends traditional IT concerns and integrates deeply into overall business strategy to continuously assess and reduce cyber risk not only across your organisation, but also your digital supply chain.

Incident Summary

On November 10, 2023, DP World, which handles 40% of Australia’s shipping container trade, fell victim to a sophisticated cyber attack that crippled operations at four major Australian ports—Sydney, Melbourne, Brisbane, and Fremantle. This attack left over 30,000 containers stranded, causing significant delays and disrupting supply chains across the country. The operational impact was immediate and severe, with landside freight operations coming to a complete halt as the company scrambled to contain the breach.

What makes this incident particularly alarming for senior leadership is the speed and scale of the disruption. Despite DP World’s established reputation and resources, the attack exploited vulnerabilities that led to an immediate and cascading failure of critical systems and critical assets. This event highlights how even the most robust companies can be brought to their knees by a well-coordinated cyber attack, making it imperative for C-suite executives to reassess their approach to cybersecurity.

Strategic Implications

For boards and executives, the DP World cyber attack is a clear signal that cybersecurity must be a top priority in corporate governance. The potential for operational disruption, financial loss, and reputational damage is too significant to ignore. As stewards of your organisation’s future, it is essential to understand that cyber threats are not just an IT problem—they are a strategic business risk that requires your direct involvement and oversight. ASIC expects directors to ensure their organisation's risk management framework adequately addresses cyber security risk and that controls are implemented to protect key assets and enhance cyber resilience. They warn that failure to do so could cause directors to fall foul of their regulatory obligations

The key takeaway from this incident is the importance of preparedness. It is not enough to have reactive measures in place; organisations must be proactive in identifying and mitigating potential threats before they materialise. This is where Beyond Technology’s Cyber Attack Simulation service becomes invaluable. By simulating real-world attack scenarios, this service allows your organisation to stress-test its response plans, identify weaknesses, and refine response strategies in a controlled environment.

The DP World incident serves as a stark reminder that the cost of inaction can be devastating. For C-suite executives and board members, it is your responsibility to ensure that your organisation is not only compliant with cybersecurity regulations but also resilient against the evolving landscape of cyber threats. By engaging with services like Beyond Technology’s Cyber Attack Simulation, you can gain the insights and confidence needed to protect your organisation from similar disruptions, safeguarding both your operational continuity and your reputation.

In summary, the DP World cyber attack should be viewed as a pivotal moment for all senior leaders. It is a call to action to prioritise cybersecurity at the highest levels of corporate strategy, ensuring that your organisation is prepared to face the challenges of the digital age with resilience and foresight.

Evolving Cyber Threats - A C-Suite Perspective

The cyber threat landscape is evolving at an unprecedented pace, presenting new challenges that require a strategic response from the highest levels of corporate leadership. For C-suite executives and board members, understanding the nature of these threats is crucial to safeguarding the organisation’s long-term viability. The recent DP World cyber attack is just one example of how sophisticated and targeted these threats have become, underscoring the necessity for proactive, board-level engagement in cybersecurity. This includes assessing and evaluating both network and application security controls to identify vulnerabilities and improve the overall security posture.

Current Threat Landscape

Today’s cyber threats are more sophisticated, coordinated, and destructive than ever before. Cybercriminals are no longer lone actors; they are part of organised networks that can target multiple aspects of an organisation’s operations simultaneously. This includes everything from denial of service and ransomware attacks that lock down critical systems to data breaches that expose sensitive corporate and customer information. These threats are not just technical challenges—they are strategic risks that can cripple an organisation’s ability to operate and compete by exposing security gaps.

The rise of advanced persistent threats (APTs) and the increasing use of AI and machine learning by cybercriminals mean that traditional defensive measures are no longer sufficient. Understanding attack paths is crucial in enhancing security by identifying and addressing risky areas before a real attack occurs. These new forms of attack are designed to bypass standard security protocols, making it imperative for executives to understand that cybersecurity is a dynamic challenge requiring continuous vigilance and adaptation. This is where the importance of proactive measures, such as Beyond Technology’s Cyber Attack Simulation, becomes clear. By simulating these sophisticated attacks, organisations can better understand how these threats would impact their operations and prepare accordingly.

Boardroom Risks

For C-suite executives and board members, the implications of these evolving threats are profound. Cybersecurity is no longer a back-office concern; it is a front-line issue that directly impacts the strategic direction and operational success of the organisation. A successful cyber attack can lead to significant financial losses, legal liabilities, and irreparable damage to the company’s reputation. Moreover, in today’s regulatory environment, failure to adequately address cybersecurity risks can result in severe penalties and a loss of investor confidence.

Boards and executives must recognise that the stakes have never been higher. Cybersecurity should be integrated into the overall risk management strategy, with regular reporting and oversight at the board level. This requires a shift from a reactive approach to one that is proactive and strategic. By leveraging tools like the Cyber Attack Simulation offered by Beyond Technology, boards can gain a comprehensive understanding of the risks they face and ensure that their organisation is equipped to handle the most sophisticated cyber threats.

The evolving cyber threat landscape demands a new level of engagement from C-suite executives and board members. It is no longer sufficient to delegate cybersecurity to the IT department; it requires strategic oversight and proactive management at the highest levels of the organisation. By embracing a proactive approach and utilising advanced tools like cyber-attack simulations, boards can better protect their organisations from the potentially devastating impacts of these emerging threats. Technology teams must be well-prepared through proper training, incident response exercises, and simulation of attack scenarios to identify vulnerabilities and strengthen overall cybersecurity defences.

Proactive Cybersecurity - The Board's Role in Strategic Oversight

In today’s business environment, where digital assets are as valuable as physical ones, cybersecurity cannot be an afterthought—it must be a strategic priority driven by the boardroom. As cyber threats evolve in both complexity and frequency, the role of C-suite executives and board members in overseeing and guiding the organisation’s cybersecurity strategy has never been more crucial. This shift in responsibility reflects the reality that cybersecurity is not merely a technical issue but a fundamental aspect of corporate governance and risk management, including the assessment and validation of security controls.

Governance and Accountability

Effective cybersecurity governance starts at the top, with the board and C-suite setting the tone and direction for the entire organisation. This involves more than just approving IT budgets; it requires an active engagement in understanding the specific cyber risks facing the business and ensuring that there are robust policies and procedures in place to manage these risks.

Boards must ensure that cybersecurity is integrated into the organisation’s broader risk management framework. This includes regular reviews of cybersecurity strategies, policies, and incident response plans, as well as evaluating existing security measures to identify vulnerabilities and suggest improvements. Moreover, it is essential for boards to demand regular updates from their IT and cybersecurity teams, ensuring that they are kept informed about the latest threats and the effectiveness of the organisation’s defences. This level of oversight is critical in today’s landscape, where the consequences of a cyber attack can extend far beyond financial losses, affecting brand reputation and shareholder value.

Beyond Technology offers a range of services designed to assist boards in fulfilling this governance role. Our Cyber Attack Simulation service, for example, provides boards and executives with a realistic view of how their organisation would fare under a sophisticated cyber attack. By running these simulations, boards can gain invaluable insights into potential vulnerabilities, test their incident response plans, and ensure that their organisation is prepared for the worst-case scenario.

Beyond Technology’s Approach

At Beyond Technology, we recognise that every organisation is unique, with its own specific set of risks and challenges. That’s why our approach to cybersecurity is tailored to the needs of your business, focusing on the alignment of cybersecurity strategies with overall business goals. We work closely with boards and executive teams to develop a comprehensive cybersecurity strategy that not only addresses current threats but is also adaptable to future challenges.

Our Cyber Attack Simulation service is a key component of this strategy. These simulations are designed to mimic real-world attack scenarios, allowing your organisation to test its response plans in a controlled environment. By doing so, you can identify gaps in your security posture, refine your plans, and ensure that your team is ready to act decisively in the event of an actual attack. For boards, this means having the confidence that your organisation’s cybersecurity strategy is not just theoretical but has been rigorously tested and validated.

The role of C-suite executives and board members in cybersecurity is one of strategic oversight and accountability. By taking an active role in guiding your organisation’s cybersecurity efforts and leveraging tools like Beyond Technology’s Cyber Attack Simulation, you can ensure that your business is not only compliant with regulatory requirements but is also resilient in the face of an ever-evolving cyber threat landscape. This proactive approach is the key to protecting your organisation’s assets, reputation, and future.

Attack Simulation - A Strategic Tool for C-Suite Preparedness

In the boardroom, the conversation around cybersecurity often centres on risk management and strategic oversight. However, the true measure of a company’s cyber resilience lies not in its plans on paper, but in its ability to respond effectively when those plans are tested through an attack or simulation. This is where cyber attack simulations become an indispensable tool for C-suite executives and board members. By actively participating in these simulations, leadership teams can gain a realistic understanding of their organisation’s readiness to face a cyber crisis, allowing them to make informed decisions that strengthen their overall cybersecurity posture.

Service Overview

The concept of a cyber attack simulation might seem daunting, but it’s an essential exercise for any organisation that takes its cybersecurity seriously. At Beyond Technology, our Cyber Attack Simulation service is designed to replicate sophisticated and emerging threats that your business might encounter. These simulations are not merely technical exercises; they are comprehensive assessments that engage every level of the organisation, from IT teams to executive leadership.

During a simulation, we create a controlled environment where a variety of attack scenarios are played out. These scenarios are tailored to reflect the specific threats your industry faces, whether that’s a ransomware attack, a phishing campaign, or a targeted data breach. The goal is to observe how your organisation’s processes, and people respond under pressure. Are your defences robust enough to withstand an attack? How quickly can your teams identify and contain the threat? Are your communication protocols effective in managing the crisis both internally and externally? These are the critical questions that a cyber attack simulation helps answer.

Strategic Benefits

For C-suite executives and board members, the strategic benefits of engaging in a cyber attack simulation are manifold. Firstly, these simulations provide a clear and practical insight into the organisation’s current cybersecurity posture. This is crucial because it moves the conversation from theoretical risks to tangible, observed outcomes. By experiencing how a cyber attack could unfold in real time, executives can better understand the potential impact on their operations, financials, and reputation.

Secondly, cyber attack simulations serve as a powerful tool for identifying and rectifying weaknesses before they can be exploited by malicious actors. This proactive approach is far more effective than reacting to an incident after it has occurred. It allows boards to understand the information that may not be available to support decisions that need to be made in real-time, allocate resources more efficiently, prioritising areas that require immediate attention while also planning for longer-term improvements.

Moreover, these simulations play a critical role in improving incident response capabilities. They test not only the technical systems in place but also the effectiveness of decision-making processes at the executive level. By involving the board and C-suite in these exercises, organisations can ensure that their leadership is prepared to manage a crisis with confidence and clarity. This readiness is essential in minimising the damage caused by a cyber attack and in maintaining stakeholder trust.

Finally, the insights gained from a cyber attack simulation can inform strategic discussions around cybersecurity investment and risk management. Boards can use the findings to advocate for necessary changes in policy, technology, and training, ensuring that the organisation remains resilient in the face of evolving threats.

Cyber attack simulations are not just a technical exercise—they are a strategic imperative for any organisation serious about protecting its reputation and digital assets. For C-suite executives and board members, participating in these simulations offers a unique opportunity to see how prepared their organisation truly is, and to take proactive steps to strengthen its defences. By partnering with Beyond Technology and utilising our Cyber Attack Simulation service, you can ensure that your organisation is not only compliant with industry standards but also resilient and ready to face the challenges of the digital age.

Integrating Cyber Security into Corporate Strategy

In an era where cyber threats are increasingly sophisticated and pervasive, cybersecurity must be viewed as an integral part of corporate strategy rather than a standalone IT concern. For C-suite executives and board members, this means ensuring that cybersecurity is embedded in every aspect of the organisation’s operations and strategic planning. A proactive, integrated approach to cybersecurity is essential for safeguarding not only the organisation’s assets but also its long-term viability and reputation. Developing an appropriate level of understanding through independent advice, and evaluating and improving the organization's security posture through proactive measures like cyber attack simulations is crucial for understanding readiness against real-world cyber threats.

Long-term Resilience Planning

Cybersecurity is not a one-time investment; it requires ongoing commitment and continuous improvement. The threats that organisations face today will not be the same as those they encounter tomorrow. This dynamic landscape necessitates a long-term approach to resilience planning, where cybersecurity is treated as a core component of business continuity and risk management strategies.

Boards and executives must recognise that cybersecurity is as much about preparing for future threats as it is about addressing current ones. This involves regular reviews and updates to cybersecurity policies, continuous monitoring of emerging threats, and investment in new technologies that enhance the organisation’s defensive capabilities. One of the most effective ways to build long-term resilience is through tools like Beyond Technology’s Cyber Attack Simulation. By regularly testing your organisation’s defences against realistic attack scenarios, you can ensure that your cybersecurity measures evolve in line with the changing threat landscape.

A key aspect of long-term resilience planning is fostering a culture of cybersecurity awareness across the entire organisation. It’s not just about having the right technology in place; it’s about ensuring that every employee understands their role in protecting the organisation from cyber threats. This requires ongoing training and communication from the top down, reinforcing the importance of cybersecurity at every level of the business. One of the most effective ways to achieve this is through an attack simulation, which evaluates of your security posture, identifying vulnerabilities and simulating real-world attacks without impacting system performance.

Technology and Policy Integration

For cybersecurity to be truly effective, it must be seamlessly integrated into the organisation’s broader technology infrastructure and governance frameworks. This means aligning cybersecurity initiatives with overall business objectives, ensuring that they support the organisation’s strategic goals while mitigating risks.

Technology integration involves more than just deploying the latest security tools; it’s about creating a cohesive, layered defence that protects the organisation from all angles. This includes everything from secure network architectures and robust data encryption to advanced threat detection and response systems. Boards must work closely with their IT and cybersecurity teams to ensure that these technologies are not only in place but are also functioning as part of a comprehensive strategy that addresses the organisation’s specific risk profile.

Policy integration is equally important. Cybersecurity policies should be aligned with regulatory requirements and industry best practices, but they must also be tailored to the unique needs of the organisation. This includes clear guidelines for incident response, data protection, and access management, as well as regular audits to ensure compliance and effectiveness. The insights gained from a Cyber Attack Simulation can be invaluable in refining these policies, helping to identify gaps and areas for improvement.

Integrating cybersecurity into corporate strategy is a critical responsibility for C-suite executives and board members. It requires a forward-looking approach that prioritises long-term resilience and aligns technology and policy with the organisation’s strategic objectives. By leveraging the expertise of Beyond Technology and engaging in proactive measures such as cyber-attack simulations, you can ensure that your organisation is not only protected against today’s threats but is also prepared for the challenges of the future. This strategic integration is the key to maintaining business continuity, protecting shareholder value, and securing your organisation’s place in an increasingly digital world. Thorough assessments and simulations can inform businesses about the value and effectiveness of their security investments, ensuring resources are allocated efficiently to mitigate risks.

Beyond Technology's Value to Boards and C-Suite Executives

In today’s complex and volatile cyber landscape, the value of a strategic partner who understands both the technological and business implications of cybersecurity cannot be overstated. At Beyond Technology, we are committed to empowering C-suite executives and board members with the tools, insights, and expertise needed to protect their organisations from ever-evolving cyber threats. Our holistic approach to cybersecurity is designed to align with your organisation’s strategic goals, ensuring that your defences are robust, adaptive, and capable of responding to even the most sophisticated attacks by identifying and addressing security gaps.

Comprehensive Services for Strategic Risk Management

Beyond Technology offers a broad spectrum of cybersecurity services that cater specifically to the needs of senior leadership. We understand that the role of the board is not only to provide oversight but also to guide the strategic direction of the organisation. Our services are tailored to support this role, offering advice that enhances your organisation’s resilience while providing the necessary insights to make informed decisions.

One of our flagship offerings, the Cyber Attack Simulation, is particularly valuable for boards and executives. This service goes beyond traditional security assessments by immersing your organisation in a realistic attack scenario. Through these simulations, you can observe how your teams respond, identify gaps in your plans, and refine your incident response strategies. The insights gained from these exercises are not only practical but also strategic, enabling you to make data-driven decisions that strengthen your organisation’s cybersecurity posture.

Our comprehensive approach also includes strategic advisory services, where we work closely with your executive team to develop and implement a cybersecurity strategy that aligns with your business objectives. Whether it’s through risk assessments, policy development, or technology selection advice, our goal is to ensure that cybersecurity is seamlessly woven into the fabric of your organisation’s operations and governance frameworks. This includes enhancing the capabilities of your technology teams through proper training, incident response exercises, and simulation of attack scenarios to identify vulnerabilities and strengthen overall cybersecurity defences.

Strategic Partnership for Ongoing Resilience

In the rapidly changing world of cyber threats, one-off solutions are no longer sufficient. Cybersecurity requires continuous vigilance and adaptation. This is why Beyond Technology views our relationship with clients as a long-term partnership, focused on sustaining and enhancing your organisation’s resilience over time.

Our partnership approach means that we are with you every step of the way, from initial assessments to ongoing monitoring and updates. We provide regular briefings to the board, ensuring that you are always informed about the latest threats and the effectiveness of your cybersecurity measures. By staying ahead of emerging trends and potential vulnerabilities, we help you maintain a proactive stance against cyber threats, rather than a reactive one.

Moreover, we recognise that cybersecurity is not just about technology—it’s about people and processes as well. This is why our services also focus on building a culture of cybersecurity awareness within your organisation, ensuring that everyone, from the front lines to the boardroom, understands their role in protecting the business. Through training, workshops, and ongoing support, we help you foster a security-first mindset that permeates every level of your organisation.

The value that Beyond Technology brings to boards and C-suite executives lies in our deep understanding of both the technical and strategic aspects of cybersecurity. By partnering with us, you gain access to a wealth of expertise, a suite of cutting-edge services, and a commitment to long-term resilience. Our Cyber Attack Simulation service, in particular, offers a powerful tool for testing and improving your organisation’s defences, providing the insights you need to protect your assets, reputation, and future by evaluating your security posture and response plans. In an increasingly digital world, this proactive and strategic approach to cybersecurity is not just an option—it’s a necessity.

FAQ’s

What is the board's responsibility for cybersecurity?

The board's responsibility for cybersecurity extends beyond merely overseeing IT operations; it encompasses ensuring that the organisation has a robust cybersecurity framework that aligns with its overall business strategy. The board must provide strategic oversight, ensuring that cybersecurity risks are identified, assessed, and managed as part of the organisation's risk management practices. This includes setting the tone from the top by prioritising cybersecurity in corporate governance, regularly reviewing cybersecurity policies, and ensuring that the organisation has adequate resources and expertise to combat cyber threats. The board is also responsible for ensuring that there is a clear and effective incident response plan in place, and that it is regularly tested through simulations, such as Beyond Technology’s Cyber Attack Simulation, to validate its effectiveness.

Why should boards care about cybersecurity?

Boards should care about cybersecurity because the implications of a cyber attack extend far beyond operational disruptions—they can severely impact the organisation's financial stability, reputation, and legal standing. In today’s digital world, where data breaches and ransomware attacks are increasingly common, a single cyber incident can lead to significant financial losses, regulatory penalties, and a loss of customer trust. Moreover, failure to adequately address cybersecurity risks can expose the board to legal liabilities, particularly in industries subject to strict regulatory oversight. By prioritising cybersecurity, boards protect not only the organisation's assets but also its long-term viability and reputation in the marketplace.

How do I prepare for cybersecurity?

Preparing for cybersecurity involves a multifaceted approach that includes both strategic planning and practical measures. Start by conducting a comprehensive risk assessment to identify your organisation's vulnerabilities and the potential impact of different types of cyber threats. From there, develop a robust cybersecurity strategy that aligns with your business objectives and includes policies and plans for data protection, access management, and incident response. Regularly update and test these policies and plans to ensure they remain effective against evolving threats. Investing in employee training and awareness programs is also crucial, as human error is often a significant factor in security breaches. Additionally, consider engaging in proactive exercises like Beyond Technology’s Cyber Attack Simulation to test your defences and refine your cyber incident response plans.

What should you do during a cyber attack?

During a cyber attack, it’s crucial to act swiftly and decisively. First, activate your organisation’s cyber incident response plan, ensuring that all key stakeholders are informed and that your cybersecurity team begins containment efforts immediately. Isolate affected systems to prevent the spread of the attack and preserve evidence for forensic analysis. Communicate clearly and transparently with your employees, customers, and partners to manage the situation and maintain trust. If necessary, engage with external cybersecurity experts or legal counsel to assist in managing the incident. Throughout the process, maintain detailed records of all actions taken and decisions made, as these will be critical for post-incident reviews and any potential legal or regulatory inquiries.

Who helps with cyber attacks?

Several entities can assist during a cyber attack. Firstly, your internal IT and cybersecurity teams will be the frontline responders, working to contain the breach and restore normal operations. However, in many cases, external help is necessary. Cybersecurity and advisory firms, offer specialised services, including incident response, forensic analysis, and post-attack recovery. For example, Beyond Technology’s Cyber Attack Simulation can be a crucial tool in preparing for such incidents. Additionally, law enforcement agencies and government bodies like the Australian Cyber Security Centre (ACSC) can provide support, especially in dealing with criminal aspects of the attack or in compliance with regulatory requirements. Legal counsel should also be engaged to manage potential liabilities and regulatory obligations.