Each year between June and November, many parts of the U.S. become potential targets for hurricanes. In October 2022, we had Hurricane Ian devastate Florida. To prepare for natural disasters like hurricanes, organizations are encouraged to build out and test business continuity, disaster recovery, and crisis management plans to use in the response efforts. Millions of dollars each year are spent on natural disaster preparation, but natural disasters are not the only disruption businesses face.
While we can’t equate the potential impact of a cyberattack to that of a hurricane, there is much that security leaders and teams can learn from existing physical disaster preparedness and recovery plans and can apply in a cyber crisis.
So how can organizations use the fundamentals taught by natural disasters to respond to a paralyzing ransomware attack?
Early in my career, I had an opportunity to work on the security team at the Florida Department of Health responding to cybersecurity incidents, as well as served as a member of the Emergency State Function (ESF) 8 (Health and Medical) team through Florida’s Department of Emergency Management. As you can imagine, Florida is quite experienced in dealing with highly disruptive natural crises.
Managing Chaos with Command Structures
Working with the State of Florida, I was required to take multiple courses in FEMA’s National Incident Management System (NIMS) principles, structures, and processes. These courses taught responders the basics of NIMS including the concept of Incident Command Systems (ICS), and the National Response Framework (NRF) to ensure everyone understood how their role and responsibilities supported the overall effort.
The concept of an ICS is an approach to command, control, and coordinate incident management by provid ..
Support the originator by clicking the read the rest link below.
