Many organizations are struggling with how to best manage and mitigate the array of cyber risks they are facing. Those growing number of risks — from deliberate threats such as ransomware, data theft and social media hacking to non-deliberate risks such as poorly trained employees or issues that spread through the supply chain — can be challenging to quantify, prioritize and prepare against.
But don’t despair, said Andy Jabbour, the co-founder and managing director of Gate 15, there is hope. Andy recently wrote a series of blogs outlining how the Preparedness Cycle, which is often used to prepare for traditional threats, can also be implemented to help organizations prepare for cyber threats.
“The preparedness cycle has been around for quite a long time now and it has been used by the Department of Homeland Security, FEMA, and other federal, state, and local government agencies as part of managing the preparedness process,” Jabbour said during a recent Cyber Chat Podcast about his blog series. “The idea of applying it towards cyber risk is maybe something people don’t necessarily think about right away, but it certainly applies very well.”
As Jabbour noted in his eight-part blog series (linked below), a key part of successfully overcoming the impacts of incidents, including cyber incidents, is taking the time to properly prepare. Building a flexible, multi-year plan that addresses all stages of the Preparedness Cycle can help to provide the focus, thought and structure needed to begin tackling cyber risks in a more thoughtful and organized way, Jabbour said.
The Preparedness Cycle includes five general steps for organizations to work through when it comes to addressing their cyber risks (for an overview of the process, start with Jabbour’s Introduction to the Preparedness Cycle):
- Preparedness and Operational Planning
- Organize and Equip
- Awareness and Operational Training
- Evaluate and Improve
“No one has time to tackle every threat or to build a plan for every potential situation that may arise, so you need to build adaptable plans that work on addressing the most important risks,” Jabbour said. “We can’t do all of it, but we can do some, and if we’re smart we can try to put some things together to get the most bang for our buck — in both our training and our exercises.”
For more on the using the Preparedness Cycle to help manage your organization’s cyber risk, read the blog series above or listen to our Cyber Chat podcast.