Written by: Mitch Avnet | Compliance Risk Concepts
The world has changed in cyberspace. It used to be that a company could create a strong exterior wall with firewalls, intrusion detection, virtual private networks and a robust set of virus response tools to keep the “bad guys” out of the critical data it uses to perform its business dealings. That was Then, but this is Now.
“Now” is defined by a much more complex world in which the statistics point to the majority of businesses having already been hacked in some way. And in the B2B environment we live in, upstream and downstream partners are also a part of a company’s overall risk. A risk to one may very well be a risk inherited by all within a supply chain or electronic interface community. Whether you have already felt the pain and loss of a hacking incident or fear you are still waiting for the proverbial “shoe to drop”, how you respond to and recover from a cyber incident will dictate how much you lose, both in direct impacts and in public confidence.
“Now” means shifting our mindset from just building and defending the IT infrastructure and applications to also preparing for how to respond when a cyber incident occurs.
The most important factor to consider in preparing to respond to a cyber incident is time. The speed that makes worldwide B2B electronic transactions so much of a business advantage also creates an enormous amount of risk for the company. During a cyber incident, a company should not have to stop and think; it just needs to act, and act quickly. The second factor to consider is that in the 21st century every business is an information technology business. Responding to a cyber incident is a team sport that requires involvement from information technology, operations, strategic communications, human resources, security, risk, vendor management, general counsel, finance, sales and leadership.
So you have a lot of people, each with their own important missions, who need to be aligned to move out quickly and seamlessly, many times across countries and continents, without having to think during a cyber incident. What could go wrong, you ask? Basically everything, if you are not prepared to respond.
We believe there is much for commercial industry to learn from the US military model for handling incidents and crises. Our Service members use mission-minded military concepts every day to respond to natural disasters and keep our enemies at bay. They do it better than anyone else. We are so impressed with this military model that we have created a consulting product to help companies like yours develop and implement a high-speed cyber response capability. We will come alongside your staff with prior military and Department of Defense employees to build military discipline and rigor into a response capability, which will posture your organization with plans and associated products like exercises and assessments to be ready to respond quickly and effectively.