5 questions to ask before a breach happens
Use these five questions to start the conversations necessary to 'assume breach' and plan ahead.
Are you prepared?
While prevention continues to take the spotlight (and budget), it’s time to shift to an ‘assume breach’ mindset. To get started, ask and consider these five questions. Consider each a conversation starter.
1. What is your mindset/approach?
Have you embraced the “assume breach” mindset? Over the last year, multiple audiences overwhelmingly signaled acceptance of the notion that breaches are more “if/when” than something that can be prevented.
However, most struggle with the actions necessary to bring necessary changes.
If you accept the ‘assume breach’ mindset, what have you done about it? What are you measuring, and how? And what are your priorities? Do they represent the shift, or are you struggling to break free from legacy approaches?
2. How much confidence do I have?
How confident are you in terms of your people, process(es), and technology? Are people in the right positions for their skill sets? Are your processes decreasing value while increasing workload? Is your technology paying off as expected?
Broader, consider your capabilities and confidence in terms of prevention, detection, and response. How confident are you in your current preventative controls? Why?
In the event prevention is bypassed, would you notice? How quickly would you detect it? How accurate is your response?
Ultimately, the shift to ‘assume breach’ is an opportunity to make improvements. Change up the the training and roles of people. Create and update processes. Evaluate and change technology.
3. What can I automate?
When faced with a lack of time and resources as threats and demands mount, we need to rely on automation. That means actively exploring what to automate across prevention, detection, and response. The key is ensuring the automation improves the condition of the team -- extending the capabilities by actually allowing people to focus on the areas where they provide the best value. Automation that creates more work just creates more problems.
4. What can I learn from testing?
Reframe testing from a demonstration of success to an opportunity to learn about areas for improvement before someone exploits them. Explain the importance of rehearsing to find out where to place focus. Design the tests -- whether internal or hired -- to validate what you know and probe the areas you feel less comfortable. Over time, you should see improvement while making sure your focus is where it provides the most protection, the best value. Are you improving based on testing?
5. What happens when a breach happens?
More than the other questions, this is a real conversation starter. In most cases, this is a series of conversations that leads to more work. As the realization of if/when a breach happens sets in, it means defining a clear understanding of the actions that need to be taken.
In the event of a breach, are the priorities of the business mutually understood and clear? Are the capabilities and procedures of your team matched to those priorities?
What are the steps in the immediate hours and first few days of a breach? Have you considered what the impact would be? Who else needs to be involved, and are they prepared to work as part of the team?
Use these questions to start conversations and ignite your journey
Journey to the ‘assume breach’ mindset by starting with these five questions.
There are many steps in this process, from briefings to conversations and even table-top or actual exercises. Better to ask the question before the breach than try to figure it out amidst the potential chaos and stress of an incident -- especially when it makes the headlines.
Along the way, it requires conversations with executives and the board of directors. It means defining and aligning priorities, measurements, and actions. It means learning what and when to let go, and focusing on what works.
While it may feel slower than we’d like, incremental improvement is okay.