Proper Prior Planning

Prevents Piss-Poor Performance.

We have mostly all been told this at some time in conditions ranging from preparing a 2 minute lecture on ‘The Candle’ to freezing one’s extremities off in the Brecon Beacons, Yorkshire Moors or even worse, and everything in between.

As much as occasionally ‘winging IT’ may give you a buzz, especially if you get away with it, the many cold hard eyes of scrutiny (like the FCA and ICO) in matters cyber mean that this is not an option.

Today the Bank of England is ‘hosting’ a day of ‘war games’ to assess how prepared some of our largest financial institutions are for a cyber attack.

Despite the fact that this is obviously a planned event, the participants will no doubt be expected to respond to situations that they may or may not have prepared for, probably both.

Knowing that this event was on the calendar and that scrutiny would include comparisons with other financial institutions, you can bet that these organisations will come prepared, and they can probably afford to.

Even if your organisation is not invited to the hallowed vaults, it is imperative, not just recommended, that you prepare an incident response playbook, keep it updated and test it, preferably with a third-party referee.

Whilst it might seem like a lot of work with no immediate value, this process will prepare you for a breach, answer the hard questions you will be asked by the aforementioned regulators post breach, putting you and your business in a much better place.

The detail of incident response playbooks are not appropriate to be shared in a blog, however they might include, the people, processes and technologies to perform:

  • Preparation and enablement
  • Identification
  • Containment and triage
  • Investigation
  • Remediation and recovery
  • Post incident activities

If you do not have an incident plan or playbook, our experienced cyber consultants can talk you through a template and demonstrate the value, helping you prepare your business.

According to one of our associates who has been round the block more than once, including crashing into the back of a bus on the back of a motorcycle piloted by a reckless young fool of this Parish;

“If you don’t know those basics and move straight onto strategy and exercise, you will fall at the first hurdle. We need to stop talking about TESTING, which comes with connotations of failing or passing. This in turn drives people to muddle through and declare a “pass” as the prize.

Better to position a ‘Cyber Exercise’, which can be scored. The results might hurt a bit initially but open up the opportunity to discuss the lessons learnt and improve.”

Did someone say Gamification?

In other news this week, we were pleased to see the most venerable ‘Uncle’ Bruce Schneier say it is down to Governments to legislate upon and enforce the security of Internet of Ting TingsTM devices.

We have always thought that this is the only answer as illustrated in our December 2016 blog which concerned toys being used to harvest data and record kids pictures and conversations. What a difference two years doesn’t make!

The Christmas change freeze is coming, why not contact us at: [email protected] or 020 7517 3900 to prepare yourselves properly prior to 2019 and prevent you know what?

Thanks as always to the fairly tame Sages, especially (this week) RZ for supporting this blog.