Jim Satterfield on the 2016 National Preparedness Report
The National Preparedness Report provides all levels of government, the private and nonprofit sectors, and the public with practical insights into preparedness to support decisions about program priorities, resource allocations, and community actions. The 2016 National Preparedness Report identifies cross-cutting findings that evaluate core capability performance, key findings in the Prevention, Protection, Mitigation, Response, and Recovery mission areas, and notable examples of preparedness progress over the past five years.
Firestorm President and COO Jim Satterfield shares his insights on the report.
Companies and their customers face a world of increasing cyber threats. The 2016 National Preparedness Report provided us with a view into the government’s perceptions of our country’s current level of preparedness and response capabilities. Included in the report were three “Key Findings” related to cyber security. Homeland Security found:
- Key Finding: Cyber breaches that target personal information demonstrate the importance of cybersecurity information sharing between the public and private sectors, particularly in increasingly targeted industries, such as healthcare.
- Key Finding: Several high-profile breaches of Federal computer networks in 2015 illustrate infrastructure and workforce obstacles to securing government systems.
- Key Finding: While states are focusing more attention on cybersecurity by expanding the responsibility of state Chief Information Security Officers and investing a larger portion of their Federal preparedness grants in improving cybersecurity planning and equipment, cybersecurity capabilities remain at risk of decline.
These findings remind us of the TV commercials featuring ‘Captain Obvious.’ The white paper report restates the obvious, adds little insight, and misses the mark. Your organization will experience a cyber breach. What the impacts will be is up to you.
A cyber breach is a business crisis, not an IT issue.
The 9/11 Commission identified that 85% of the U.S. infrastructure is in the private sector. Depression-era bank robber Willie Sutton gave us ‘Sutton’s Law’ when asked why he robbed banks. His answer: “Because that’s where the money is.” Today, 80% of the value of corporate assets has shifted from physical to virtual.
Every threat is perpetrated by one or more adversaries. There always exists some motivation for adversaries. It is important to identify (where possible) the motivation driving a threat, to determine if any company information assets will be a target.
Not all data is equal. These differences drive the response. Organizations must be prepared for all types of cyber-breach events. Data is everywhere, including personal data (PCI, PHI, PII) and intellectual property. These present rich targets of opportunity and can be accessed in a variety of ways and at multiple levels.
A characteristic of these cyber-breaches is that they have penetrated, and can penetrate, a company’s perimeter data security defenses through multiple channels to exploit all layers of information security. Unfortunately, if a sophisticated attacker targets a company, they will be able to breach the data security in place. Knowing what changes to make now will avoid or mitigate an impending cyber-breach business crisis, improve operational performance and protect stakeholders.
Every crisis is a human crisis, both in impact and cause. Many cyber breaches come from actions by employees. Phishing is used because it works. The acronym PICNIC (Problem in Chair, Not In Computer) holds true.
What do you need to do now?
- Develop and maintain a Cyber Threat Intelligence Program to identify cyber threats and coordinate response to them.
- Maintain a current Information Asset Inventory.
- Increase employee awareness of cyber breach warning signs and indicators.
- Train employees on what to do and not do.
- Establish an enterprise-wide Cyber Breach Response Plan to respond to and manage the business impacts of a cyber breach.
- Prepare a Cyber Breach Crisis Communications Plan with Message Maps.
- Conduct a Hotwash after any cyber breach and implement lessons learned.
- Identify the external resources needed now to support your cyber breach response.