A FEW QUESTIONS TO ASK YOURSELF AFTER HEARING ABOUT ALL THE RECENT CYBERSECURITY EVENTS.

“A CYBERSECURITY OR INFRASTRUCTURE EVENT DOES NOT HAVE TO HAPPEN TO YOU DIRECTLY TO CRITICALLY IMPACT YOUR BUSINESS.”

Recent Significant Cybersecurity Events

1. CDK Global “RANSOM EVENT”

Think about this. It was 15,000 car dealerships that were impacted. How many of those dealerships have multiple sites under a single license umbrella? I wonder how many more locations of each of those 15k dealerships had been impacted. How about their supply chain impact?

2. CROWDSTRIKE “INFRASTRUCTURE EVENT”

A CrowdStrike update caused the largest documented IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted worldwide across various industries. There was not one thing any of the businesses IMPACTED could do about it.

3. SNOWFLAKE “CYBERSECURITY EVENT”

Hackers gained access by exploiting unencrypted usernames and passwords stored on a worker’s machine and in a project management tool called JIRA. Snowflake has notified 165 “potentially exposed organizations” of the incident, including Ticketmaster, AT&T, Neiman Marcus Group, Advance Auto Parts, Santander Banking, Los Angeles Unified School District, and many more. One company housing data will IMPACT millions of users. How do you prepare for this?

“WHAT WOULD HAPPEN IF YOU HAD A CYBERSECURITY EVENT?”

REAL-LIFE RESPONSES TO THIS QUESTION from various levels of decision makers and departmental leaders.

Already happened and we hope it does not happen again.

… We have everything in place with complete protection.

… Our data is backed up every day. We would just restore our backups and be good to go.

Our systems are distributed across multiple datacenters and geographic locations.

… We have 100% uptime or close to it.

We are good, we do not have to worry.

… We have cybersecurity insurance.

… That is why we keep our data on premises, so we are safe.

… We have an MSSP with a NOC.

Our data is only important to us. No one else would want it.

We use Microsoft/Google, and they back up our data.

ALL our data is stored in the cloud, so again, we are good.

Our MSP provides all the protection for us. That is why we pay them so much. (chuckle, chuckle)

I do not know. I guess our IT group has it all covered.

… We are good, we just hired a dedicated security person for that, plus we use (Name that security product/service), and they help take care of all that.

… I guess we would have to resort to paper.

That is a very good question.

Are these typical responses safe enough, deep enough and responsible enough in today’s environment?

QUESTIONS TO ASK YOURSELF BEFORE OR AFTER YOU HAVE YOUR CYBERSECURITY OR INFRASTRUCTURE EVENT.

Many businesses have already had their first cybersecurity event, or several. If this is you, adjust the narrative of the questions to reflect your status.

  • What happens when your computing environment has an incident?

  • What happened when your computing environment had an incident?

  • What happens when your computing environment becomes inaccessible for an extended period?

  • What happened when your computing environment became inaccessible for an extended period?

  • What would you do if you tried to log into your company’s computing environment and could not?
  • What did you do when you tried to log into your company’s computing environment and could not?
  • How will your business be impacted and how long can you maintain operations?
  • How was your business impacted and how long before you regained operations?
  • Which of your computing systems are most critical to your business?
  • Which of your computing systems did you discover were most critical to your business?
  • What are the alternate methods you have in place, tested, and verified to conduct your business while your systems remain inoperative or inaccessible?
  • What new and updated methods are in place, tested, and verified to conduct your business when your systems remain inoperative or inaccessible again?
  • What kinds of incidents have you or your company experienced in the past, and what kind of impact did they have?

EMERGING CYBERSECURITY RELATED QUESTIONS TO ASK AND ANSWER

The reach of cybersecurity events continues to deepen and so should the questions we ask of ourselves, our data, our partners, our customers, our responses, and our expanding action plans.

What is your cybersecurity plan?

When was the last time you tested your cybersecurity plan?

Where is your documented cybersecurity plan located and who has access to it?

How many distinct products and partners are involved in your cybersecurity protection landscape?

What are the action items and contact representatives in the event of a cybersecurity event?

What is the status of your cybersecurity insurance?

When was the last time you reviewed or updated your cybersecurity plan?

When was the last time you had a compliance audit?

What are your partners’ and vendors’ cybersecurity stance and response testing schedule?

What are your customers’ and vendors’ cybersecurity preparedness plans?

How do you maintain secured copies of ALL the data you interact with?

How do you maintain, copy, or protect your data that is processed through your SaaS partners’ systems?

What DR/BC plan do you have in place for ALL your data?

How many times have you tested this plan in the past 6-12 months or at all? What were the results and findings and how did the remediation progress?

How many team members have tested and verified your DR/BC plan?

Who are the different participants in your DR/BC plan?

What is your communications tree in the event of an incident and where is the documentation?

Which part of your DR/BC plan is documented, available, and reviewed regularly?

Which partners do you rely on to conduct your business?

Do you maintain, have access to, or have a copy of your data processed through your SaaS partners’ systems?

What should you do when your SaaS partners’ computing environment becomes inaccessible for an extended period?

What are your partners going to do when their computing environment becomes inaccessible for an extended period?

How many different technology partners are you relying on to house your critical business data?

What percentage of this data belongs to, or is directly generated with or for, your customers?

What is your SaaS partner’s plan in case of a full or partial outage incident?

What conversations or documentation have you requested regarding your SaaS partners’ DR/BC plans?

How do these initial questions make you feel, personally?

How are you handling the customer data you have gathered and the risk surrounding it?

What customer data do you maintain that could potentially be exposed in a cybersecurity event?

How are you protecting your specific customer data?

How would a cybersecurity event within your computing environment potentially impact your customers?

Have you had conversations with your customers relating to this subject and what has been your response?

How much of your incident response and prevention processes and controls are documented, and how regularly are they tested and verified?

Are you going to pay the ransom when you have an event?

Will your insurance cover it?

What did you discover the last time you reviewed or renewed your cybersecurity insurance?

Are you providing your customers and partners with the same information you are asking from your partners?

Will your company be able to recover from an incident and how long will it take?

What did you discover the last time you ran through a desktop event exercise?

If you experienced an event in the past, how was the situation handled, what did you learn, and what protocols have you put into place to minimize the risk moving forward?

Human error remains the leading cause of data breaches, with 34% of enterprises pinpointing this as the root cause.

Cloud assets, SaaS applications, cloud storage, and cloud infrastructure management remain primary targets for attacks.

What education are you regularly providing to your employees to avoid an incident?

Are your employees improving in their cybersecurity awareness and how have you documented their progress?

What proactive measures have you put in place to prevent users from being deceived?

How many direct discussions do you have with your leaders and employees regarding your response when you experience an incident, and what to do to prevent incidents at all costs?

If you have had an incident in the past, what measures have you put into place to prevent another incident, and have you maintained and progressed your posture towards these efforts?

Who are all the potential participants that would be involved in an incident, and when was the last time you reviewed a plan with each one, including updating documentation, response, and contacts?

At the very least, run a regular tabletop exercise to expose any glaring holes in your incident recovery plan.

Involve different employees from different departments and job roles to establish a more comprehensive view of how you will need to react and respond.

Establish an incident document that can be built upon.

Review everything regularly.

THE FOLLOWING IS A LIST OF VARIOUS ASSESSMENTS AND CASE STUDY OPTIONS TO CONSIDER.

  • Security Assessment
  • IT Department Assessment
  • Technology Infrastructure Assessment
  • Compliance Audit
  • Cloud Assessment
  • Data Assessment
  • Partner Assessment
  • Customer Data and Access Assessment
  • SaaS Product Assessment
  • Next Generation Business Assessment
  • Education Assessment
  • Current Technology Contract Assessments and Reviews
  • DR/BC Review and Testing
  • General Business IMPACT Assessments of other utilized products, services, partners, customers, and secondary sources.

With Five Opportunities’ help.

A FEW QUESTIONS TO ASK YOURSELF AFTER HEARING ABOUT ALL THE RECENT CYBERSECURITY EVENTS is another resource we use to identify and spotlight areas to improve your overall business posture.

Contact us to schedule a meeting or to get assistance formulating your own personalized Cybersecurity or Infrastructure Event Questions, and find out how your business can be more data-driven today and far into the future.

Five Opportunities maintains an extensive library of data strategy resources and content all centered on helping businesses and individuals become more effective at leveraging their data.