Cybersecurity: It begins and ends with preparation
By on Posted in Cybersecurity, Data Privacy

The life cycle of a data security incident begins and ends with preparation.

Unfortunately, there is no such thing as a network or system with “zero vulnerabilities.” There are jokes about absolute network security, including that the only secure network is one without users or one with no access. There is no perfect code, no perfect software, no perfect hardware, and even the most well-intentioned user can be socially engineered. Consequently, preparation at all levels of information security is critical to protect businesses from catastrophic attacks.

According to the National Institute of Standards and Technology, there are four phases of a data security incident: (1) Preparation before an incident occurs, (2) Detection and Analysis, (3) Containment Eradication and Recovery, and (4) Post-Incident Activity, which is essentially steps taken to ensure – as much as possible – that a similar incident does not occur in the future.   

In other words, both the first and fourth phases entail taking steps to avoid a future data security incident. As a former FBI executive in charge of the data presentation and storage for the agency’s operational missions, my daily question was, How much preparation is enough? Businesses face the same daily question: What level of cybersecurity is enough to prevent or thwart an attack on our computer systems? I found that the best question to ask myself was, What would it take to prevent or thwart the most likely attacks on our computer systems?

In preparing to defend against a network attack, I found external sources of expertise to be very helpful. Instead of looking inward for answers, we invited outside professionals to thoroughly assess our cybersecurity posture— by showing us our weaknesses and deficiencies. As capable experts, they were able to point out many areas for improvement, such as hardware, software, networks, and training. As we made changes to our digital environment and training regimen, we also reviewed, edited, and drafted policies and protocols to protect our data. We then tested these internal rules and guides by engaging in internal table-top exercises. All of that helped to emphasize the importance of preparation in defending against the inevitable cyber attack.

Many businesses struggle to identify the best means of preparation against cyber attacks. Some businesses may need the proactive services of technical experts who can scan for vulnerabilities, test for intrusion vectors, provide cyber training, or design and install new systems built around the concept of security as a pillar, not as an add-on. Other businesses may require proactive services focused on new security and data handling policies and protocols along with tabletop exercises for management and staff. These measures help businesses identify security issues with the collection, processing, and management of sensitive data, such as personal information and protected health information. Other businesses may want an assessment of their internal systems, in addition to policies or protocols, to help them better prepare for a data security incident.

For every business, the need for preventive services can vary by size, industry, regulations, unique workflows or objectives, and general operations, among other factors. Each business will define its level of preparation differently. Professionals in the field of data privacy and information security know that when a business questions the sufficiency of its cybersecurity posture, the response should always be tailored to the client’s specific needs.

No matter the size or business sector, the Constangy Cyber Team can develop solutions tailored to your organization’s unique needs. Contact us today at cyber@constangy.com for support with incident response planning and practical ways to mitigate your security risks.

TAGS: Cyber Team, CyberMonday, Cybersecurity, Hack, NIST, Plan/Prevent/Protect
Facebook Twitter/X Linkedin Email
  • Jason Cherry in a dark navy suit and tie smiles while standing against a light blue and white geometric background.
    Jason Cherry
    Partner

    He provides legal counsel and representation on a variety of data privacy issues, including the identification of protected-data, application of statutory requirements for specific types of data and industries, facilitation of ...

    More from Jason: Full Bio | Contact Author | Blog Posts

The Constangy Cyber Advisor posts regular updates on legislative developments, data privacy, and information security trends. Our blog posts are informed through the Constangy Cyber Team's experience managing thousands of data breaches, providing robust compliance advisory services, and consultation on complex data privacy and security litigation. 

Search

Get Updates By Email

Subscribe

Archives

Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek