For several weeks now, we have been touting
the Cybersecurity Framework developed by the National Institute of Standards and Technology
(NIST). The NIST framework encapsulates a thorough, structured approach to
managing cybersecurity holistically according to five core functions: Identify, Protect, Detect, Respond, Recover.
In this final installment of our “Malware
Manual” series, we explore the final NIST function, “Recover.” NIST lists only
three types of activity at this stage: plan, improve and communicate. And in our
research for this post, we discovered that few articles by cybersecurity
experts address all three activities at once. So, to close our run of posts,
we’ll bring together recovery planning, improvement and communication guidance
in a 1-2-3 process for you:
1. Plan Your Recovery Before You’re Breached
Eileen McCooey, consultant and regular contributor to Baseline magazine,
encapsulated recovery planning into the most concise set of bullet points we
encountered. We like her selection because it integrates mindset with
specific action. She writes, “To help minimize damage, organizations
should be ready to take these five steps in the aftermath of a breach:
- evidence and consider consequences of every action taken.
- flexible and adapt to evolving situations.
- consistent methods for communication.
- your limitations and collaborate with other key stakeholders.
- actions and findings and be prepared to explain them.”
2. Improve Your Future Process as You Investigate Your Current Breach
As we reviewed a column by CTO Tom Beale in Information
Management about assessing risk, we realized Beale’s “10 questions organizations should
be asking” before a breach should be
asked during a breach investigation, too. This approach ensures your pre-
and post-breach processes unite in a cyclical continuum that helps your
organization keep pace with evolving threats. In essence, we advocate you
review 10 issues – data landscape, security culture, third-party
contracts, organizational hierarchy, IT history, network configurations,
security budget, security of your products and services, outsourcing
policy and infrastructure-to-employee ratio – every time any one of them
is compromised by malware or an attack.
3. Communicate Before, During and After Any and Every Breach
When we perused a post by CEO Marty Puranik on
the readwrite blog, we recognized that communicating
inside and outside an organization before, during and after it’s breached
was a core theme. Puranik’s communications counsel boils down to three steps:
- Round Up a Team
Who’s involved in your cybersecurity
communications team varies according to the size and nature of your business.
At the least, your full management group, your full IT team (including your managed service providers, or MSPs) and your legal advisors should be in the mix. Larger
companies may expand to include human resources, investor relations, operations
and other departments. Puranik also advises adding forensic investigators who
can “trace the breach to its source, assess its scope and assist you in forging
a remediation plan.”
- Have a Standing Communication Plan
Puranik says, “To be most effective, your
communication plan should address all implicated parties: customers, employees,
investors, and business partners. Avoid being misleading in your communication
and withholding details that could help people better protect themselves.”
- Reach Out to All Relevant Authorities
“…It is wise to notify your local police, or
even the FBI, immediately after you discover the breach,” Puranik advocates.
“Depending on your legal requirements, you may also need to contact specific
government branches. Do your research to find out what exactly you are required
to disclose. The type of data stolen, financial versus health for example, may
require additional steps for you to take, such as notifying the FTC.”
Puranik’s closing recommendation resonates
most with us: “If cybersecurity isn’t your company’s expertise, you may want to
work with an expert provider whose job is to ensure the safety of your data.”
Where have you heard that wisdom?