CHAPTER 2
Fail to Plan or Plan to Fail: Cyber Disruption Response Plans and Cyber Insurance
Intellectuals solve problems, geniuses prevent them.
—Albert Einstein
Could it be time to start over with a blank sheet of paper?
When was the last time your organization performed a comprehensive, top-to-bottom examination of its cybersecurity program? This assessment includes cyber protections, framework(s), processes used, tools used, standards used, threat intelligence capabilities, cyber incident response capabilities, budget, legal aspects, emergency management procedures, contracts, network architecture, protections in place, cyber insurance, cyber playbooks, penetration tests, internal and external partnerships, staffing (skillsets and vacancy levels), training, and more.
Perhaps a data breach (or other security incident) prompted this review, or auditors have highlighted significant material weaknesses. In some cases, a new executive leader demands changes, upgrades, or a new way of thinking.
The reality is that, regardless of the reason(s), every organization needs to consider such a cyber review on a regular basis. The dramatic changes faced by all organizations, including new technology paradigms, evolving cyberthreats, increasing customer expectations for digital transformation, and radical shifts caused by major events like the COVID-19 pandemic, demand a fresh look at cybersecurity at least as often as you upgrade critical technology infrastructure.
But how do we do this? ...