
Rate Your Fate: Are You Ready for a Cyberattack?

November 2, 2017 | By

Recently we conducted a webinar with Savage Security’s Adrian Sanabria and our CTO Todd O’Boyle. During the webinar, we asked audience members to consider various scenarios and “rate their fates.” In other words, how would your company fare if a given attack were leveled at it? We thought you might like to take a look at the questions we posed and see how your own organization might fare.

Here are the five areas we covered and the questions we asked in each. For each question, rate your organization on a scale of 1 (“not ready”) to 5 (“fully prepared”).

Round 1

You can’t take corrective action if you don’t even know you’ve been breached. So round one of Rate Your Fate focuses on whether you have sufficient detection capabilities in place, as well as an incident response plan.

  1. Could you detect an attack inside the network?
  2. Could you detect sensitive data leaving the network?
  3. Do you have an incident response plan?

Your Points:

Possible Total: 15

Round 2

Communicating to the public quickly and transparently is key to recovering from an incident. You want to have a plan in place for how you will communicate, when, and with how much detail and honesty.

  1. How much transparency would your PR team allow?
  2. Do you have a breach PR plan?
  3. How quickly could you respond to an incident?

Your Points:

Possible Total: 15

Round 3

Your employees are your best line of defense. So they need to know what to do if they encounter an attack in the wild—such as the all-too-common phish.

  1. Do your employees know how to report something suspicious? Where to forward an email? Who to call?
  2. How many of your people would have reported the phish?
  3. How quickly could you take action on the phish?

Your Points:

Possible Total: 15

Round 4

An attack can be devastating from a lot of viewpoints. In particular, you want to think ahead about what you would do if a critical system took a hit, you had to give your customers bad news, or you found yourself the target of liability or a lawsuit.

  1. If you lost your most critical system, how much of your company would still function?
  2. What would you tell your customers if you lost their data? What will you tell the public?
  3. How many of your contracts have language on data loss liability?

Your Points:

Possible Total: 15

Round 5

Everyone should know their roles when it comes to security. If an incident takes place, your staff should already know who is going to handle it, in what way, and on what timeline. You should also know how the incident will be disclosed and when.

  1. Do you have a point person assigned to lead incident communications?
  2. What percentage of your employees know their roles when responding to an incident?
  3. How easy are your disclosure policies to follow?

Your Points:

Possible Total: 15

Get Your Score

Now, total your scores. Add them all up and divide by fifteen. You can think of this as your post-breach “maturity” score, on a scale of 1 to 5.

If you don’t feel ready, please take a look at some of our other blog posts, including this one, which has a link to our Incident Response Plan template, an in-depth guide to how to plan ahead for attacks. The difference between organizations that have a plan and those that don’t is stark. There’s no reason for you to be in the latter group.

You can also access the webinar here: info.strongarm/webinar.