Activity Spotlight

How to Make Cyber Threats Real

Do your leaders understand what you're trying to tell them about cyber security? Do they really care about cyber threats and understand them? Or do they nod their head, agreeing there's a potential (maybe even small) risk, but then take no further actions to prepare for that dreaded day? I've been there. We talk about cyber risks and the threats they pose to our business, but the business doesn't seem to take a real interest...until the inevitable happens. We've been exposed to a potential cyber attack. An employee clicks on a phishing email and enters their credentials. The tech community is in a panic, wondering if they are affected by the newly exposed library vulnerability. A developer resigns after only 2 weeks of work...what did they do in that short amount of time?! When these things happen, the business becomes ultra sensitive to "shiny" threats and wants answers...fast. And because the spotlight is now on these issues, we make decisions that don't necessarily make sense or we miss the obvious. This is where planning is key. We never plan to fail, but we do fail to plan which then leads to more unanswered questions, undefined risks and potentially more sleepless nights. One of the best ways I've seen to help bring cyber threats to life is to perform a tabletop exercise. A tabletop exercise joins all key parties together to simulate a real-life event. I will walk you through the steps of planning and executing this exercise with your senior leadership team as well as with your tech team. It will shake out the bugs and point out the areas where more planning is needed. If you are well prepared for the dreadful attack, it won't seem as bad because you've proactively thought through what needs to happen. Lastly, I will give you a peek into our approach at a Cyber Attack Plan. This plan outlines different threats and is a great tool to use during a tabletop exercise. My goal is for you to leave, feeling confident about how you can plan for the inevitable - because you are never able to fully remove your cyber security risk.