What if we would treat cyber incidents like fire?
Sami Toivonen
Director, Sales - ANZ at BeyondTrust | Father of seven | Privileged Access | IAM | Identity | Authentication | Security Research | Cloud & AppSec
When talking with my customers about incident response planning, and especially about the people and process aspects of it, I often compare it with a fire drill because that makes it much more tangible. Today I started to challenge myself on this topic and wondered what it would take for us to truly treat cyber incidents like fire.
First of all, fire and all the safety built around it is quite phenomenal: the level of caution and prevention is universal, yet thousands of people still die in fires every year. Fire also accounts for trillions of dollars in damage worldwide. Last year the total cost of cyber crime added up to over 1 trillion dollars, so from a cost perspective we are talking about the same scale.
We have all seen this sign everywhere in the world when we use lifts. Because of it, we know that in case of fire you shouldn't use the lift, and we can exit the building as safely as possible. In both fires and cyber incidents people are often the weakest link, so there are always fire wardens and additional signs that tell us where to go and what to do. Lifts also have an emergency/telephone button: press it for five seconds and you are connected to an operator who can help and guide you in case of emergency.
I'd like to challenge you to think about whether your employees know what to do in case of a cyber incident. Are there signs, an emergency telephone and "cyber wardens" helping them know what to do, who to call and where to go?
Whatever environment you work in – from an office to a school – fire drills are an essential part of your workplace fire safety. Very few organizations are truly doing "cyber safety drills". There are some phishing emails every now and then, and organizations do audits and penetration tests. But far too often all of these are compliance "tick the box" exercises, and as an outcome the employees of those organizations don't know what to do in a real cyber incident. The same applies to the fire fighters in your organization if you don't run cyber drills frequently enough.
You might also have seen a sign saying "No smoking, penalties may apply". The same principle applies to cyber incidents: there is a direct cost associated with every incident, but there is also a significant risk of fines if you end up as the victim of a data breach and haven't handled the data accordingly. In 2018 over two thirds of data breaches required public disclosure.
So if we translated a fire safety checklist into a cyber safety checklist, it could look something like this:
- Installing an adequate number of suitable monitoring, prevention and remediation technologies and testing them regularly is the first step in your cyber safety plan. (alarms)
- Have a written incident response plan for cyber incidents and practice it regularly. (introductions)
- Make sure all remediation and quarantine capabilities are readily accessible in case you need to stop an incident from spreading further. (keys)
- Never leave ports, file shares and storage open to the public. (prevention)
- Take extra care when handling intellectual property, personally identifiable information or any other sensitive data.
- Don't overload systems, and switch off machines when not in use.
- Always keep credentials and machines away from the people around you (children) and educate them that these are "tools, not toys" to be used only by authorized users. (lighters and matches)
This article could go on for several more pages, because there are so many touch points where fires and cyber incidents are very similar. I genuinely hope this article opened the eyes of at least one reader and that you start treating cyber incidents more like fires in your organizations.
Be safe, prepare and practice.