Blog

CEO Corner: Preparing for the Unavoidable – Why Incident Response Readiness is Non-Negotiable

Twenty years ago, I began my career in information security. It was all about firewalls (the heyday of Checkpoint), content filtering (remember Bluecoat) and anti-virus (Symantec and McAfee were the name of the game). We were monitoring our network with Cisco MARS and just talking about hackers…not nation states, hacking groups, criminal organizations, etc. Things have certainly changed since then. Now, we call it cybersecurity, and you’re worried about implementing over 200 technical and administrative controls to be secure AND compliant. It’s tough to find the number and right type of resources you need to run your program, and you’re always challenged to show that you’re providing value with the investments you are making on an annual basis. And, to make it more difficult, as my buddy J.R. Cunningham would say, “The enemy always gets a vote!” 

Having worked in cybersecurity before it was even considered an industry, I’ve always started with a few principles: 1. Define your most critical asset(s) or what you are trying to protect; 2. Get as much visibility into your environment as possible so you can effectively monitor while you are putting the right controls in place; and 3. Be prepared to effectively respond with speed and efficiency when something bad happens as you build out your program. That will give you time to put together a plan of what you want to achieve over the next 2-3 years.  

One of the best defenses you can employ is a well-prepared team. When it comes to safeguarding our businesses, we can’t afford to play catch-up or try and react without a plan. Cyber threats are evolving rapidly, and it’s not a matter of if but when an incident will occur. This realization has driven us at Nuspire to provide critical services and build the scale of shared resources, as well as has created a hunger to constantly innovate and adapt. The goal is to react when necessary, protect proactively, and, in the future, be predictive while enabling your cybersecurity strategy. 

As I’ve alluded to, one of the most critical aspects of a robust cybersecurity framework is incident response. Think of your organization like an immune system. When a harmful germ invades the body, ideally, the immune system detects the threat and unleashes antibodies and other defenses to identify, isolate and eliminate the invader. However, if your immune system is compromised in any way, those germs can lead to illness or a dramatically compromised state. If you don’t have the right people, processes, technology and partners in place to respond to incidents in your environment, you could be in a world of hurt. This is where our latest offering comes into play. 

Our Incident Response Readiness Service is designed to prepare your teams for the unpredictable, enhancing their ability to manage and mitigate cyber threats through hands-on, practical training. By simulating real-world cyber incidents, we provide your team with a safe environment to practice their responses, improve coordination, and refine their strategies. 

The service includes tabletop exercises that replicate the unique risks your organization faces. These exercises are not just theoretical; they are dynamic and interactive, pushing your team to make real-time decisions as they would in an actual crisis. Through these scenarios, we test their decision-making, communication and policy application skills, providing insightful post-exercise debriefs that highlight strengths and pinpoint areas for improvement. 

But this service is more than just drills and practice runs. It’s about fostering a culture of continuous improvement and alignment within your organization. By engaging key stakeholders across various departments, we ensure your incident response strategy is cohesive and robust, ready to face any challenge. 

Leadership Principle: Successful Organizations Embrace A Culture of Continuous Learning 

As leaders, we must encourage our teams to constantly expand their knowledge and skills, ensuring they are equipped to tackle the challenges posed by cyber threats. It’s worth the time and investment to put your plan down on paper, test the plan, fix the gaps in your technology and processes, and make changes to the plan for next time. Not to mention, the exercise creates a lot of cross-team collaboration that, frankly, is healthy for every organization. 

Speaking from experience, there are few things in your professional life that are as scary as getting called on a Friday afternoon and being asked to come down to a “war room.” It’s a walk where the past flashes across your mind. Did I make the right decisions? Did I choose to buy the right security technology? Was my partner doing what they said they were doing? What am I going to say when I walk into the room? Trust me, you don’t ever want to be in a position where you’re not prepared; you want to walk in and project a sense of confidence that “we’ve got this and know what to do!”  

However, the hard work is done before the incident. It means providing opportunities for professional development, such as training programs, workshops and conferences, and encouraging our employees to take advantage of these resources. Ask your team what you can do to help them be more successful in any situation they encounter in the workplace. Help others get what they want, and you will have a successful program. 

Effective leaders must lead by example and demonstrate their commitment to continuous learning. I’ve probably read over 1,000 books over the past 20 years. It wasn’t because I loved to read as much as knowing that, to be successful, I’ve got to spend as much time honing my skills as the time I’m spending executing on my responsibilities. It also allows me to pay that knowledge forward for the benefit of others. By actively participating in learning opportunities and sharing our insights with our teams, we can inspire a culture that values growth, progress and adaptability. 

Some steps that you can take to foster a culture of continuous learning are: 

  1. Determine What They Desire: What do the members of your team want to learn and what do they want to achieve with their career?  
  2. Identify Knowledge Gaps: Assess their current skills and knowledge set to identify areas for improvement. 
  3. Develop a Plan WITH Them: Help them determine what is required to grow their strengths and compensate for their weaknesses. Then, let them “own” it. 
  4. Provide Learning Opportunities – Offer a variety of learning resources, such as training programs, workshops and conferences and individual projects to challenge them and help them expand their knowledge and skills. 
  5. Encourage Knowledge Sharing – I used to call this a brain exchange; if everyone is learning, they can always share what they have learned with others. If your team members educate others on what they have learned, it will always foster a collaborative learning environment. 
  6. Celebrate Growth – Recognize and reward individuals who actively pursue learning opportunities and demonstrate growth in their skills and knowledge.

By embracing a culture of continuous learning, we can build resilient, proactive teams ready to face any business challenge head-on. Remember, in the face of evolving cyber threats, a stagnant mindset is our greatest vulnerability. Let’s commit to continuous learning and stay one step ahead of the threats that lie ahead. 

Warm regards,
Lewie Dunsworth
CEO, Nuspire 

 

Have you registered for our next event?