  • Thomas Jreige


Who would think a coffee shop, a barista and cyber security would have so much in common? There has to be a joke in there somewhere. Organisations tend to have a bad habit of implementing (or being sold) overcomplicated technology. The IT solutions are presented before even understanding the problem they are trying to solve in the business. What happens when you complicate technology, have an already busy and overworked IT provider, and then one day, D-Day occurs? It creates the perfect storm.

Yesterday, we dropped a friend at the airport. While he checked in, I ordered us coffees. Please bear with me while I draw this scene.

My order for coffee was placed. There were only three of them, and they weren’t complicated or high maintenance. I counted about 65 clicks on her Point of Sale terminal before I could even pay for my coffee. The person attending to my order then had to print a docket and give it to the barista (who was non-existent). He was somewhere else not doing his job. Once he returned, he was confused as to which orders to work on first, resulting in a couple of angry customers. For a busy airport, I would have expected double the staff in the shop (or at least competent ones). This goes to show that complicating simple processes like making a coffee can lead to other issues, and some of them can be catastrophic to a business. Some tend to do that in business, especially around protecting information and data: they go straight to the technology solution, adding complication, time and unnecessary money spent, when a lot of the time we have not really identified the key problem.

This experience at the airport led me to draw parallels and wonder why cyber security incidents are handled so poorly in organisations. Is it due to a lack of staff, experience, inefficient processes, or all of the above?

We have dealt with a number of IT providers, directly and indirectly, over the years, and the key message we get from most of them is “We are so busy and don’t have time”. So what happens when you have a cyber incident and you are relying on this company to provide support? Well, in our experience, the end of the story was not a happily ever after scenario.

When incidents occur in your organisation, they generally occur because your IT provider is not managing a system correctly, or because staff in your organisation are doing something that leads to the incident. Either way, it is prudent to leave incident response to an independent party. This is because there is no bias when having to make some hard decisions on your behalf around what has to occur.

Developing an Incident Response Plan (IRP) for your organisation is the first step. What’s that? Your IT service provider has said they have one? Yes they do — to support the myriad of customers they have, but is it customised for your requirements and SLAs? You need an IRP for your organisation because while IT is one component, how do you mobilise your people and processes as well to adjust to disruption in the business?

An Incident Response Plan (and the independent management of this) is about reducing your reaction time to an incident. The ability to react quickly to events is what is required. Don’t be fooled by the word proactive. It is proactive to have an IRP in place. When an incident occurs, you will only know about it when the incident actually occurs. This is a reaction. We are about to reduce that reaction time.

If you want to have a discussion about incident response requirements, we are happy to do that over a coffee. I’m sure the coffee shop’s reaction time will be much better than our previous experience.

Happy Tuesday!

The Thomas Cyber Team

