Building Blocks of Cybersecure Culture for SMBs: Part 6 – Develop Robust Contingency Plans (and Test Them)

9/26/2018

Cybersecurity TrainingPer a recent analysis by Juniper Research shared by the international tech magazine ComputerWeekly, cybercriminals will steal 33 billion data records by 2023 despite new data protection mandates like GDPR. (Curious about GDPR? See our recent primer here.) This prediction represents an increase of 175% over the 12 billion records expected to be compromised this year, resulting in cumulative losses of more than 146 billion records during the next five years.

Moreover, Juniper researchers say the U.S. will become a more prominent target for cybercrime during this same five-year span. The analyst firm anticipates greater than half of all data breaches in the world will happen within U.S. borders. Why? Because the U.S. has so much consumer and corporate data generated by national and international sources spread across a disparate spectrum of institutions and regulations that finding and exploiting “systemic weaknesses” is easier for hackers.

Given this grim outlook, how can any business of any kind hope to cope with this sort of digital onslaught?

The CompTIA Cybersecurity Advisory Board believes the key is an important shift in mindset for organizations of all shapes and sizes: “Security can no longer be thought of as a technical problem with a technical solution; it must be treated as a critical business concern.”

So, the Advisory Board penned “ Building a Culture of Cybersecurity,” a white paper highlighting cybersecurity threats, issues, and considerations inherent in today’s digital environment. The executive brief articulates six guiding principles that will enable senior leaders at any business to assess and improve their organization’s approach to cybersecurity. To date, we’ve blogged about five of the six principles from an SMB’s perspective:

For the final installment in our series, we bring you…

Part 6 – Develop Robust Contingency Plans (and Test Them)

In their “Cybersecure” paper, CompTIA writers call creating a formal incident response team a “critical component of a cybersecurity strategy.” Here’s how they advise building this type of team:

  • Create a Crisis Management Playbook– Rank your most likely cybersecurity threats and draft robust plans for those scenarios. In your playbook include the roles and responsibilities of key departments and functions across your organization, including legal, communications, marketing and human resources.
  • Rely on Senior Leadership to Call the Plays – Your full leadership team should be engaged directly in any cybersecurity drills, simulations and education programs. Plus, your senior leaders should collaborate with your internal cybersecurity pros as well as the external support team assigned by your IT Managed Services Provider (MSP.)
  • Learn from Big Mistakes by Big Companies – Recall the lessons of 2017’s massive Equifax data breach. Leaders were slow to alert the public to the crisis, leaving more than 140 million users at risk of identity theft and exposing their organization to lawsuits and potentially irreparable damage to its reputation. When cybersecurity crises hit, act fast and communicate inside and outside your organization at the same clip.

Your IT MSP should be a pivotal component of incident response team and included in every step of the process.