Use your computer fearlessly.

Mission Services Articles Research

everyone: older news

business: Intractable Cybersecurity, Quantum Communications

C-Suite Strategies for Cyber-Resilience

by Brent Kirkpatrick

(Date Published: .)

Cyber-resilience is built strategically through planning and allocating resources.

Are you feeling exposed to cyberattack or data breach? Your company can become cyber-resilient by selecting good strategies and preparation. The strategies involve knowing how many people you need for successful incident response. Preparations include team selection, budgets, and management decisions.

Recovering from a cyberattack or data breach usually requires 2-10 times more person-hours than your operating mode. If your normal IT operating budget for personnel is 10 FTEs, then you may need 20 FTEs or more, for the duration of recovery.

plot step-function cost

Successful recovery with cyber-resilience means that the increased cost of the recovery holds steady across the days of recovery. On the other hand, if your company's strategic approach or planning is inadequate, you will see an increasing cost for IT and security during a cyberattack. In some cases, your team can bungle badly enough that you contribute to the hacker's return on investment (ROI).

plot linearly increasing cost

Arranging for the extra person-hours needed to recover from a cyberincident is doable if you have a software company; you just re-task programmers from your development team to the security team for the duration of the incident. However, for most companies, this is not an option and the increased cost of at incident is a logistics challenge. If you plan ahead, this challenge is surmountable. If you forgot to plan, this logistics challenge becomes a nightmare.

Most companies look to hire specialized cybersecurity consultants and flex IT professionals to provide the additional personnel necessary for recovery. The cybersecurity consultants provide technical leadership together with your CIO and CISO. The core IT team with the additional flex IT labor constitute the recovery team. If you mistakenly assume that you only need the cybersecurity consultants and your own IT people on overtime, you might encourage the incident to fester and continue for quite some time.

The leadership team for the incident come with specialty skills. Your CIO knows all the existing IT infrastructure. Your CISO knows all the existing security precautions and risks. The cybersecurity consultants come with two specialties: incident response and digital forensics. Together, the technical leadership team should be four or five people.

In order to prepare for cyber-incidents, you need to have relationships with the people that you will need. This starts with the contact information for the cybersecurity consultants and for the flex IT people. It can extend to developing key relationships, so that you can reach people when you need them. If you wait for your cyber-insurance to suggest people, the good people might be too busy and you might get the second- or third-string talent.

In addition to key relationships, you need a budget. This budget should be dedicated for cyber-emergencies. It should cover the increase in cost for a recovery time of somewhere between six weeks and six months. It is unrealistic to hope that cyber-insurance will cover everything. Furthermore, your company will need to pay-out, before the insurance will reimburse some of the cost.

You will also need a tactical plan that covers key aspects of incident response. At minimum, this plan needs to consider the human elements. How much over-time can you afford during recovery? What is the reporting hierarchy for the IT people who are re-tasked from operations to security? Does the CIO temporarily cede authority to the CISO? Who do you listen to if the CISO and the cybersecurity consultants disagree? How does the CEO and the marketing team deal with the fall-out?

Save your organization money and time with good strategies and preparation.

Please contact us at Intrepid Net Computing if you need strategic solutions to cyberattack.

Trojan Hunter image

Trojan Hunter (TM). Digital forensics for Trojans at an accessible, fixed price. For any operating system.

Business Articles

IT as a Business Service

What is Cybersecurity Incident Response?

What is Wrong with Cyberinsurance?

Computer Security is Algorithmically Intractable

New Technologies for a New Cybersecurity Marketplace

Why Clean-Up Hacking?

INC Logo

What Is New? | Contact | Tips

© 2015-2021 Intrepid Net Computing. All rights reserved.