Consider your average weekday morning before heading to work. There is likely a good amount of routine involved, and you can predict most of it with a sense of confidence. Sure, there are variables like weather and traffic, but you’ve got this down pat.
Now consider what your morning would be like if you had no visibility into what lies ahead. You can’t access news, a weather report, or your online schedule. Waze and Google Maps are on strike, and Alexa and Siri are not on speaking terms with you. Feeling outside your comfort zone yet?
It’s on this kind of morning that something is going to go wrong. You don’t know what, where, when or how. Heck, it might not even happen. Or maybe it already did.
How ready are you now?
The latter scenario is what security pros have to consider almost every single day – being as prepared as possible for the completely unexpected. And by unexpected I mean bad events and incidents like suffering from a significant malware attack.
How do other security pros feel prepared? They seek out and listen to peers outside their own walls and ask what they would do differently after suffering through a major malware incident.
Get their insight. It has 20/20 vision and you need corrective lenses.
To help you feel prepared for an unexpected security event or incident, consider some or all of the following, and you might sleep just a tiny bit better tonight.
#1 Incident response planning
Do you have an up-to-date incident response plan? Probably not. Not many firms do. Your incident response plan may already be part of your business continuity planning process. A good incident response plan needs to be truly current and tailored to your business and team. Go ahead and start with a template, but do not simply fill in the blanks and file it away.
When’s the last time you ran an exercise or simply did a tabletop read-through to see what might need adjusting? If it’s been a while, don’t simply wait a while longer. Set a reminder to refresh the documents every three months. At the very least, have an up-to-date list of cell phone numbers to reach response and executive team members quickly.
Every member of your incident response team should not only be fully on board with the plan structure and familiar with every step and process, but also have a named proxy to take their place should they be completely unavailable. Be sure that all functions are represented such as executive, HR, finance, R&D, sales, marketing, customer support, and product management. If you are based in the U.S., your phone list should include the FBI, Homeland Security, and local police.
#2 Disaster recovery and business continuity planning
Apart from your incident response plan, what’s your first move after your data center, servers and other parts of your physical infrastructure get damaged or somehow rendered useless? Think about data and applications before hardware. To what extent can your business continue to operate if most or all systems are down? Address every aspect of your backup, data restoration and recovery plans and processes that makes you nervous. You’re probably nervous for good reason.
Who outside your company would you want by your side? You may find yourself super short on resources depending on the nature of the unexpected event. Reach out to your main vendors and ask for onsite help. They’re familiar with at least part of your network architecture and can be of more immediate help.
Have resources who can focus solely on analysis and forensics. Keep your legal and communications teams close should things require their expertise and support. You may find yourself spending a lot more time updating your executive team than you expect. Be sure you have a proxy who can step in for you.
#4 Your core values
A crisis can bring out the very best and the very worst in people. Even the closest of colleagues can fray at the edges during a prolonged incident. Be sure to embrace your team’s or company’s core values and live up to those standards. Encourage your leaders to remain calm in front of others, and display compassion, patience, and empathy. It sets the tone for the rest of the team.
#5 Your technology and processes
There are an endless number of technical actions you can take to feel and be more prepared. Based on a number of more recent attack vectors and malware variants, here’s a list of technologies and/or related processes to consider:
- Network segmentation
- Identity authentication and access management (admin and end user)
- Anti-virus and vulnerability monitoring
- Intrusion detection / intrusion prevention
- Network analysis and forensics
- Endpoint and server hardening
- Patch management
- Network inventory and asset management
- Backup and recovery
Sure, I get that you have like 5 minutes every other Thursday to consider what is not on fire right in front of you. But at least in your day-to-day work, you may find an opportunity to make some progress in the areas that matter the most to you.
After all, incremental progress is better than none at all.