Cyberattacks continue to rise, with a staggering 38% increase in global incidents last year. Attacks on digital identities are skyrocketing, cloud attacks are increasing, and ransomware continues to plague organizations in every industry. As the threat surface expands and the concept of a network “perimeter” becomes less and less defined, the issue is when a business will be attacked, not if it will be. That means businesses need to think not just in terms of prevention, but mitigation — and that starts with a plan.
Uniting Competing Priorities
There are a lot of competing priorities during a breach. The CFO will be concerned with the financial impact. The CMO and sales teams will be worried about reputation and customer messaging. The CTO, CIO, and other technology leaders will be focused on remediation, business continuity, and future prevention. Waiting until a breach happens to pressure-test the balance between those priorities isn’t ideal. That means it’s important to make a plan — several plans, in fact:
These plans cannot be made in isolation — they need to be aligned with one another, and leaders need to proactively collaborate. Otherwise, competing plans may wind up forcing people to work at cross purposes, creating unintentional conflict. This means it’s important to not just draw up plans, but to stress-test them as well.
Testing Your Plans: Tabletops
Tabletop exercises are scenario-based breach simulations. They’re usually run internally, though they often involve external consultants who can provide an objective perspective. They can cover a variety of scenarios, and the exercise is run much like a traditional tabletop game. An exercise might start with a technology problem and escalate through the PR response to a major breach. It might even get to a point where bankruptcy papers need to be drawn up. It sounds bleak, but knowing what to do in a worst-case scenario is important.
The goal here is to ensure not only that the individual players know their roles during a security incident, but also that they work well together. If there are places where the business recovery plan and incident recovery plan come into conflict, it’s important to know that well ahead of time. If there are gaps in coverage where those plans are insufficient, they need to be refined and improved. It’s especially important to test the places where communication and collaboration are required. If security controls failed to catch something, it’s important to know why. Tabletop exercises help businesses assess their current standing while identifying opportunities to reduce risk and optimize their resources.
People Are as Important as Technology
Security breaches are stressful. There’s often significant risk to the business, as well as people’s livelihoods, so tensions can run high. People react to times of stress differently, and that’s OK — but it’s also why it’s important to have a plan in place that takes emotion out of the equation by providing clear, step-by-step guidance. Security technology gets most of the attention, but it’s important to remember that technology isn’t the only — or even the most important — thing that needs to be tested. A breach affects the whole organization, from IT and security to finance and sales. When an incident occurs, it’s important to know that everyone understands the role they play in achieving a positive outcome.