Cybersecurity Failure Is Inevitable – Plan For It

By Tim McGuinness, Ph.D. – Anthropologist, Scientist, Director of the Society of Citizens Against Relationship Scams Inc.

The Saying NEVER SAY NEVER Is More Applicable In Cybersecurity & Online Safety Than Ever

Businesses are aware they need to plan for their cybersecurity, but they don’t know they also need to plan for their failure!

Table of contents

All cybersecurity is ultimately dependent on people, and people fail.

In fact, people almost always fail – not every day, but eventually, someone will make a mistake. Cybersecurity must do the right things 100% of the time, but the bad guys only need one mistake.

Has your organization planned for failure?

Here is a suggested outline for an organization in the event of a cyber failure. It assumes that data has been accessed and that it was not just a hack but also involved some form of social engineering. It also assumes you are doing all of the good deeds on the IT front to secure your tools and platforms.

  • Secure Everything – this is self-evident and obvious, right? But rarely do organizations do this. After a breach almost any connected device can be a new backdoor – you found and fix the primary entry point, but how do you know that your CEOs connected phone has also not been compromised, or the accounts payable manager’s computer? Every device needs to be recertified as secure.
  • Trace Everything – look at all potentially related transactions and business actions for compromises. This can include file moves, financial transactions, emails, etc. If an intruder gained access then they may also have been engaged in under-the-radar actions too.
  • Blame Is Not Important – first fixing the holes, and then analyzing the causes are important. But people will make mistakes. By blaming your people you make it much more difficult to both identify the real situation and to gain their willing cooperation after the fact.
  • Overcome Paralysis – people who are attacked, even cyber attacked – be it a scam or ransomware or other technical attacks – will be fearful. They will not know (immediately) the extent of the attack or how far-reaching it may be. In such a situation people freeze. But your business needs to keep running.
  • Plans should include – switching to alternate processes that you people know and can trust.
  • Watch The Money – expect the attack to be related to data or money, and secure your accounts and processes that can be used to access your money. Freeze everything electronic until they are known to be safe.
  • Stay aware of what your assets are – that attackers might want, but also the potential impact throughout your organization when they access them – because eventually, they will.
  • Communicate With Your People – all of your people. As said people will be afraid; afraid they did something or that they are affected. A cyberattack should be a WHOLE OF BUSINESS response. No blame, just all hands on deck!
  • Expect Fallout – have contingency plans in place for all nominal types of attacks to deal with the aftermath. Cyber insurance is not enough. Have legal plans, HR plans, banking plans, etc. Be comprehensive and VERY PARANOID!
    Provide Trauma Support – your employees, especially those in the line of fire will experience some trauma – count on it! Each human will react differently based on their history and past trauma. Expect that someone will need counseling, up to and including your executives! This is where HR will have to step up and be the guide.
  • Retaliation – forget it. Bring in the police and the FBI if appropriate, but let them do their jobs. If needed bring in outside cyber forensic investigators. Wait for the real answers, don’t rush to assumptions. AND DON’T blame your people. If one of them made a mistake acknowledge it and support them to never make it again – but of course they will remain human and future mistakes will happen. How you treat your people after an attack will have a lot to do with the probabilities of the next one.

Plan For Failure

In short, whatever you need to do to plan for failure is what you need to do. It is going to happen to every business or entity. It is not a question of if, just when.

With the pandemic, we have all seen how we all failed to plan for a major contingency. Hopefully, we learned from this. Now let’s apply this to the global cyber pandemic we all face every day!

If your business needs help for the human victims of cybercrime, we are SCARS and we support cybercrime & scam victims worldwide! You can learn more about us at www.AgainstScams.org

Stay safe!

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

More ScamsNOW.com Articles

SCARS LINKS:   AgainstScams.org    RomanceScamsNOW.com    ContraEstafas.org    ScammerPhotos.com    Anyscam.com    ScamsNOW.com

reporting.AgainstScams.org    support.AgainstScams.org    membership.AgainstScams.org    donate.AgainstScams.org    shop.AgainstScams.org

youtube.AgainstScams.org    linkedin.AgainstScams.org    facebook.AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Rleationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org