How to Minimize Cybersecurity Failure? Plan for it

You may have noticed that Finland has remained very calm during the current crisis. That’s largely down to their planning, and to practising against the plan. 2020 is turning out to be the year of ‘resilience’. When you get some time, test how resilient your organisation is:

[…] It’s recommended to take our plans and break them. Attack them until they fail, or artificially fail them. Take prized resources out of action and consider, “What then?”

For an integrative planning exercise, consider events that could possibly result in collapse, particularly if the event is unusual or unaddressed. Steer clear of probability for now. It’s a great tool for prioritization, but for a comprehensive response review, stick with the possible. Stress every response and recovery action not just to failure within its normal space, but from an integrated threat or surprise. For instance, do you make regular, encrypted, remotely stored back-ups? What happens if you need the back-ups and they are denied to you for any reason? Not likely, perhaps, but possible, and then what? Do you have a notional roadmap to recovery, an option to get back to production until you can solve the bigger problem? Maybe you should. This activity will give you a sense of how hard you need to push for things to fail and help you build a list of recovery considerations. It will also give you a sense of your strength and resilience.


Original article here