In addition to being a security consultant by trade, I am a Chief Warrant Officer for the Massachusetts Army National Guard, where I mentor incident handlers and senior leadership on offensive and defensive cyber warfare. In this position, I am regularly asked for advice on all things related to cyber. One recent query from a newly promoted General Officer, whose role is the military equivalent of a Chief Operating Officer (COO), was around protecting the network should a compromise occur.
Here’s the advice I gave that General Officer:
Stop allowing your IT staff to measure risk of the IT services it maintains
Every IT enterprise has dark corners that contain vulnerabilities no one wants to acknowledge or address. By allowing the IT staff to “grade their own homework,” a condition is created in which senior leadership will unknowingly incur additional risk.
Increase the detection capabilities of malicious activity on your IT enterprise
Zero-day vulnerabilities and the skill of a sophisticated attacker can poke holes in even highly secured networks. A best practice for your organization is to be aware of malicious activity as it happens so you can mount an effective technical and administrative response.
Conduct Disaster Recovery drills of 20 percent of your enterprise annually
The idea of conducting a full-scope or company-wide Disaster Recovery drill can be so overwhelming that organizations revert to inaction. Reducing the scope to a manageable 20 percent of your enterprise, and conducting the drill annually so it is predictable and fits into the organization’s tempo, will help to reduce the burden and give you the confidence that the protocols you had in place actually protect the network.