When building and maintaining a comprehensive cyber defense strategy, seemingly simple measures — such as having crucial phone numbers written down on paper — often get overlooked. What are other steps that organizations shouldn’t forget to take?
“I can’t overstate the importance of practice and planning, writing your playbook, testing it with tabletop exercises, documenting gaps, and working to close those gaps,” said Stephanie Hinnerschietz, Boeing Enterprise Security Supplier Incident Focal. “Those gaps can be things like, ‘Wait a minute, this team needs to be involved in this part of this process.’”
“Or,” she added, “the first time my team ran a real-time ransomware attack tabletop exercise, we were discussing paying or not paying the ransom. And then we realized we’re not the ones who would even make that call. So, we needed to make sure that our playbook has the people who do know how to make that call in it.”
It can be hard, Hinnerschietz said, for organizations to make sure they have really thought about a cyber strategy in a “360-degree sort of way” without the right sets of eyes on that strategy.
Another tip, Hinnerschietz said, is to take small portions of the playbook and run through them with mini tabletop exercises.
“The full playbook will involve many things, such as what to do if you have this type of incident or that type of incident,” she said. “So, being able to take it in bite-sized chunks can be really effective.”
And don’t forget, she added, to ensure logging mechanisms are protected.
“The worst thing, when you’re in an incident, is realizing that a bad actor has encrypted your logs and you cannot investigate what has happened, what data they accessed,” Hinnerschietz said. “You are completely blind.”
To avoid that, she said, “make sure that your logging is separate enough that you’ll be able to investigate. That’s one of those important things that may be overlooked.”