Clark, the little lights aren’t twinkling…
I’ve talked about holiday cyberattacks and the importance of committing to year-round security initiatives, and in the S3 blog about shopping scams, and I even talked about how to promote cross-skilling employees to avoid a vacation skills gap…pretty sure I can drum up some podcasts too…
Seems like our “holiday” trend isn’t a holiday trend? You’re welcome, Cousin Eddie.
Falling short on investing in security initiatives is recognized 24x7x365. During the summer and winter holidays, it’s just more likely to be on full display.
Why? While the summer offers a longer timetable for technical team absences, the winter season is far more concentrated. Concentrated gaps mean a higher likelihood of missing skills in the office and of a major issue being accidentally overlooked as a result.
Winter holidays are a speed drill akin to pinball. From Halloween to the New Year, we are literally bouncing off every little task trying not to get stuck. From costumes, candy acquisition, candy purge, massive cooking, overeating, shopping, events, more events, overlapping events, to people in/people out, and everything in between. Not only is it exhausting, but it’s also a skeleton crew at any given moment. Stress levels are high, office focus is low. That’s an entire paragraph full of a high risk of incident occurrence.
A threat profile that recurs every year clearly indicates that a longer runway for preparation is critical. But each year…we fall short. How can we make sure the little lights are still twinkling and we’re also ready for next year?
Short Term Planning:
Attacks occur when the watchers aren’t watching. If you know you have gaps in coverage or unmitigated vulnerabilities, create a temporary plan. Short shifts of oversight and monitoring, with an emergency protocol for additional support, are mandatory. Spreading out the responsibility and creating a team level of assistance can help you navigate in the interim. No one survives Cousin Eddie alone. It takes a village. Create one within your team with a plan that sees you through the New Year, then resume standard activities with an eye towards creating a better future model.
Unwavering Support for the Mission:
Alert leadership to the temporary strategy for operational protection and identify what you need for long-term, sustainable success. Temporary limping is acceptable. Permanent limping means leadership lacks an understanding of how security enables the business. Create a cyber talk track that facilitates achieving organizational objectives to move the budgetary commitment needle. No ability to make an investment? Sounds like time to prepare your breach response plans.
Strategy is a Must:
If you’re wondering when to start shoring up your security weaknesses after the holidays, it’s yesterday. Which means any day and every day is a great day to commit. Security programs cover the widest variety of people, processes, and technical initiatives, so pick a quadrant and make some headway. Haven’t even identified all the quadrants? Take some time to plan. Creating a strategy provides a pathway for success in digestible components. Clark didn’t put all the lights up in one night and it won’t happen again next year. It takes some master home décor planning.
People Drive Progress:
Hiring and retaining the right resources also includes cross-training and enabling them across the organization to achieve and find success year-round. Investing in recruiting, education, retention, and some serious resource planning is critical to ensuring gaps in skill levels don’t occur. When you have a gap, create a rolling plan to mitigate it. A potluck holiday meal goes nowhere if someone forgot or accidentally burned the main dish. A backup plan to that Griswold-style turkey would have been helpful.
Evolution Results in Continuous Success:
Knowing your gaps is critical. You can’t tackle every quadrant in one sitting, so creating a mitigation plan for the areas of continued weakness is necessary. As you make progress on your plans, also keep an eye out for new gaps and keep existing holes managed. Revisiting your risk profile, noted weaknesses, and plans to address them will keep you and your leadership focused on your plans. Constant communication about progress, reduction in risk, and increases in operational support and output will also keep leadership invested in your success. A security program is never “complete.” As technology evolves, new threats emerge. Ensuring top-level commitment to the vigilance of continuous protection is mandatory.
In reality, the entire year paves the path to the holiday road. With little to no preparation throughout the year, how could you survive a Griswold Christmas Vacation? Exactly how they did: white-knuckled, a lot of bad eggnog, a few explosions, and a squirrel in your house. If a tree through your neighbor’s window is not your idea of a happy holiday gathering, make this the last year to scramble and create a game plan for everyday success. Then maybe a Family European Vacation to see Big Ben or Parliament may be in the cards 😉