DR and IT Security Meet Finally


22 Ideas and Questions to Prepare in Advance of Being Hacked

Do you want to be a radical, world-class CIO, a real Tier 1 Business CIO?

Try this. Bring the following ideas to the table.

Interrupt your BCP consultant or internal person in charge of Business Continuity soon, maybe even today, and ask them how they plan to keep the business running while at the same time finding a hacker who is operating inside your network and having a field day with your data and your systems.

Why should you ask them this?

They should already be planning for this event, and they probably are not.

In a recent conversation with a financial services COO and CIO, both of them said the Consultant working on their BCP initiative gave them a variety of BCP (Business Continuity Plan) Table Top exercises to choose from. I asked them if they had been given the option of a Cyber Security Disaster.

Not one, let me repeat, not one was regarding the inevitable: being hacked.

A true disaster for the inevitable future is not a ‘crater in the ground’ or a regional disaster. It is to be hacked and not know what to do next.

A true disaster would be for you to not think through the following steps:

  1. Who are you going to call when you find out that PII has been leaked and the media has caught wind of the news?
  2. Who will you call to find the Malware?
  3. Do you have a team that can root out sophisticated Malware APTs? Is it an internal team or external? Would you be pulling a team together from a mix of sources like staff, Big Data Security Analytics (outsourced), VAR, etc.?
  4. What are the regulators saying your response to your customers has to be? In particular, how fast or slow can the response be? Note: a slow response doesn’t mean that you don’t care; it may mean that you are being amazingly diligent in gathering all the evidence prior to divulging your accurate response to the public.
  5. Wouldn’t it be best to let your CEO and Board know what your process will be well in advance, so that you can get buy-in for a methodical approach, if that is what you want?
  6. Do you have all the right tools plugged in to reverse a hack event fast?
  7. Do you have a trusted company/VAR to help you with identifying the threat and help you dig it out technically?

When you are hacked, Senior Executives, your peers, will come to you and will be frightened. You may be as well. Your amygdala and theirs will be triggered. This is the part of the brain responsible for the ‘fight or flight’ response. It is good for fighting woolly mammoths and saber-toothed tigers, but not appropriate when responses are needed to the Board, CEO, customers, and media all at the same time.

Some things to check:

  1. What insurance coverage do you have?
  2. Does it cover data within your four walls at HQ only? What about Cloud vendors?
  3. What about data on laptops?
  4. Do you need to talk to the CFO about setting aside a small fund to accumulate cash to mail out letters to all your customers letting them know what happened? Do the math. If you have 50,000 customers, the costs add up.
  5. What is the cost, if you need to, of buying identity theft protection insurance for all your customers for a year after the hack as a way to protect them?
  6. What is the cost of a team of Sr Execs scrambling through the hallway having meetings to discuss how to handle the impact to goodwill, stock price, reputation, sales, etc.? There is a human cost to these meetings. A meeting like this won’t happen in a vacuum.

My recommendation

Have the tough conversation about this subject. Encourage, cajole, force the Senior Team to “be adults” about this topic. The likelihood of being hacked is high, and much higher than that of the Ebola virus, Avian Flu, or a Natural Disaster striking. It is necessary for your BCP planners to add this to their ‘Table Top’ planning.

What if you developed a ‘2 minute drill’ ahead of time, like a football team has? When you are in a RedZone situation like this, it takes an unusual team, and better than normal planning, to be able to run all the plays and orchestrate people under pressure. I am not saying that the Sr Team doesn’t need to huddle, but the plan needs to already be pre-rehearsed. You get what I mean.

In this drill, can you identify:

  1. How you are going to reverse engineer the hack and how fast?
  2. What big data security tools you are going to use outside your firewall?
  3. What forensics tools you are going to use inside your network(s)?
  4. What your technical war room is going to look like (internal staff, partners, etc.), the goal being extraction?
  5. Customer response plan?
  6. How you are going to keep the engine of the business running while going through all these steps?
  7. Auditor, compliance (internal and external) response plan.
  8. FBI and other resource numbers on hand

To reach Bill Murphy regarding IT Security contact him at billm@redzonetech.net

To find out more about Bill Murphy and the companies he owns, visit www.redzonetech.net