At RSA 2019, Jason Escaravage from Booz Allen Hamilton explained why organizations need to have an incident response plan in place.
At RSA 2019, TechRepublic Senior Editor Alison DeNisco Rayome spoke with Booz Allen Hamilton's Jason Escaravage about why organizations need to have an incident response plan in place. The following is an edited transcript.
Alison DeNisco Rayome: I know Booz Allen recently released a cyberthreat forecast for 2019. Can you tell me what some of the top threats that organizations are facing are?
Jason Escaravage: I think from a threat landscape perspective, what's interesting is how some of the geopolitical conflicts and risks that have emerged over the last couple of years have started to manifest themselves into attacks and activity that are impacting commercial entities spread across the globe. Obviously, we had NotPetya in 2017, WannaCry related to that.
I think that we're starting to see much more mass targeting into industries that haven't necessarily experienced those types of attacks or activity in the past. Financial services, retail, defense, industrial-based, they're used to that type of activity, but what we've been seeing over the last couple of years is now manufacturers, health and life sciences, other types of organizations are starting to experience that same type of profile and it's changing the way they're thinking, so it's one of the themes.
I think the other thing we're concerned about was in the threat report, was how similarly related kind of misinformation, or the weaponization of information, can start to impact companies from a branding perspective. So, using social media as a potential vector to create some kind of brand impact results either at a national level on an organization, but on countries, but also on commercial entities. Thinking about the impacts that can have in the future, it can drive a lot of change, both locally, politically, but also for the health and the stability of the global commercial organizations.
Alison DeNisco Rayome: Yeah, that's huge. Can you tell me a little bit about why organizations should make sure that they have an incident response plan in place to fight those attacks?
Jason Escaravage: A lot of people always say it's not a matter of if, but when. But I think, inevitably, most organizations think about crisis management and they have some type of overall crisis plan from a business continuity standpoint. But more and more, we're seeing organizations across different sectors starting to get impacted from an online cybersecurity perspective, so they need to understand how to operate in those situations. They need to know what resources need to be part of it, what procedures and activities they're going to execute to return them to service and to turn them back to business as usual.
I think it's inevitable, so I think, at some point, all the organizations that have that kind of global exposure, they should be prepared to deal with it and deal with the inevitable.
Alison DeNisco Rayome: Do you have any advice for organizations in terms of actually creating and implementing an incident response plan?
Jason Escaravage: Yes. I think, most importantly, make it real. I think a lot of organizations view it from a policy standpoint because they want to put the document together so that it exists, but it's usually focused at a very strategic level. It doesn't get down into the individual type of events or scenarios that are likely to play out. What happens there is, they're going to have to bring in different team members and different parts of the organization to respond when you experience those types of events, and sometimes they're not included in the plan development or in some of the workshops, or the run-throughs.
To me, I think if you're going to spend the effort to put something like that together, spend the time to bring everybody to the table to get the plan right. Make it real, make it actionable, so in the event something does happen you're ready to go, and it's not just a piece of paper.
Alison DeNisco Rayome: Excellent. Do you have any particular advice for CISOs as we move forward into the year in terms of monitoring the cyber threat landscape or making sure that they're staying safe?
Jason Escaravage: Yeah. I think, in general, the theme is compliance isn't enough. You need to be aware of the threats that are likely to... that your organization is likely to encounter or experience and really getting a threat-focused mindset into the organization so that it's not a shock when something happens and also people are aware of the kinds of things that they're likely to experience.
As the scope of what CISOs have had to worry about has expanded from enterprise IT into the global manufacturing space, as we move to cloud, and mobile, and IoT, I think it's only going to become more important that we start thinking about what are all the risks and the threats to those environments, and how, when we experience them, can organizations handle it in a very measured, calculated way to then get us back to business as usual.