When Digital Fortresses Fall: The 72-Hour Playbook That Saved Microsoft from Total System Collapse

So if you are any kind of private enterprise company or business, what should you have in place to defend or protect against a cyber incident? Whether it's a hacking incident, a ransomware incident, or even an internet outage incident, this is a great article from an insurance publication called Insurance Business that talks about minimum best practices – not nice to have, but must have.

A well-drilled, regularly tested, comprehensive cyber incident response is no longer nice to have – it's an absolute essential. What that means is just like if you have fire drills or other types of incident response in your company, you should have a plan if there is a cyber attack. What are you going to do? Who does what? Remember, when you have a cyber attack, you may not have access to your server, to your client list, to your accounts payable, accounts receivable. Your customers might not have access to you. You want to go through everything to make sure you have a plan to keep your business alive, to keep your operation functioning.

You want to be able to sustain operations until the cyber event is over, and that may take a while. Maybe you have a cyber insurance policy, maybe you have some type of technical IT department, but you want to have all your staff in every department – payroll, HR, sales – all have a plan and have things written down in a notebook or printed in a notebook. You don't want to have to rely on digital checklists for this because they may not be available. It's crucial to have this response.

Ideally, you'd also have some external response because if your company is paralyzed by a hack or ransomware, you may not have all your resources to have an outside company be able to do it. Kind of like you call the fire department if your building catches on fire – you want to have an outside resource. Many cyber liability insurance policies have built-in cyber response in addition to active monitoring. It's kind of like when you buy cyber insurance, they give you smoke alarms and they give you a fire department. You want to have those two things. You wouldn't want to go without those in a business, just like you wouldn't want to go without the fire protection in a business.

This is a very, very important resource for protection in your company. A lot of businesses aren't aware of it yet just because it's a new thing. It's not that there's anything wrong with your business – it's just cyber attacks are relatively new. And the other quote from this insurance broker says lots of attention has been placed on cyber risk management and preparing for attacks, but what this incident taught us is that disruptions can come from a whole variety of types. We need to be drilled and prepared to respond as much as you're there to protect it.

Just like using the analogy of fire, you have fire exits, you have fire prevention, you may have fire extinguishers, you may also have best practices to not put oily rags next to the boiler. You may not allow smoking or open flames in the warehouse, but you have to have a response plan so if something does happen, it doesn't get out of control quickly. And they talk about some of those here.

Experts stress the importance of out-of-band communications. What that means is how are people going to communicate if you don't have your server, if you don't have your Salesforce, you don't have your Slack channel? How are you going to communicate? How are you going to get in touch with your customers or your clients or your vendors? You have to have a formal incident command structure – who's in charge, who does what, who says to do what. You have to be able to send information outside your company to other stakeholders.

The key components of that plan are: you have to prepare for it, you also have to have a way to detect it – that's the active monitoring that we talked about. You have to have a way to contain it so it doesn't get outside of where the damage is done and hopefully not outside of your organization. Many of these hacks extend outside the company to your customers or your vendors – that won't make for good business relationships. Then how do you recover from it, and how do you communicate?

So for more details on this type of response plan, you can click the link below – riskcoverage.com – and look at some of the information there. But it's important as a business owner, director, CEO to have a formal written documented business recovery plan and business response plan to a cyber attack, because this is all new and the more we hear about them, the more we're hearing of companies that are having severe impacts from an unexpected cyber attack.

Thank you for watching another video at actualhuman.com and describe.TV. Remember, if you have questions or comments about our videos, put them in the link below. Also remember that you have availability and access to live one-on-one question and answer consultation with a licensed expert in a number of fields – investigations, insurance, surety bonds, civil court mediation, even things like real estate records research, real estate brokers, real estate mortgage lenders. In addition, you're going to find that experts are available in business segments – business development, marketing, advertising – certified licensed experts.

So if you do find this content valuable and you want to delve more deeply into a subject, you can't ask YouTube a question, right? But if you want to talk to somebody live – an actual human – use the link below. Thanks for watching.
