The Cyber Mayday Trilogy: Prepare, Manage and Recover from a Cyber Mayday with Dan Lohrmann, CISO at Presidio

Sennovate
5 min read · Feb 6, 2023

Introduction

Preparing for, handling, and recovering from business disruptions caused by cyber threats is of utmost importance for organizations in the present digital era. With the widespread adoption of technology, organizations have become more susceptible to cyber-attacks, which can lead to catastrophic consequences. Such consequences include the loss of confidential information, harm to the organization’s reputation, financial losses, and interruption of operations. Nevertheless, by implementing effective preparation, management, and recovery strategies, organizations can minimize these risks, ensuring that their operations continue with minimal disruption in case of a cyber-attack.

Dan Lohrmann, an accomplished security expert and a renowned figure in the cybersecurity sector, will be the keynote speaker for the Cyber Mayday Trilogy as part of the Sennovate Secure Insights podcast. Mr. Lohrmann has had a distinguished career in the field, beginning at the National Security Agency before serving as Michigan’s inaugural Chief Security Officer and providing counsel to senior leaders across the United States. Currently, he holds the position of Field Chief Information Security Officer and is a co-author of the seminal publication, “Cyber Mayday & The Day After,” which serves as a comprehensive guide for leaders in preparing for, navigating, and recovering from business disruptions.

Prepare for the Cyber Mayday

Leadership must understand that cyber-security incidents represent a significant business risk. Addressing these incidents requires a comprehensive approach that involves people, processes, and technology. A well-designed incident response plan is essential to mitigate the impact of a cyber-attack and protect company assets and sensitive information. All teams within the organization should be involved in the planning process and have a clear understanding of their respective roles and responsibilities. As an example, Lohrmann points out that “the legal team must handle legal aspects, public information officers handle the media and so on”.

Communication is a critical component of an effective incident response plan, and organizations should have backup communication methods in place in case their primary systems are compromised. Regular incident response drills can help ensure the readiness of all stakeholders and provide valuable insights into areas that may require further attention.

The participation of external partners and vendors in Cyber Mayday is of utmost significance. According to Lohrmann, the obligation to prepare for and defend against cyber-attacks cannot be outsourced, however diligently a company may strive to delegate the responsibility. Effective leadership must still be involved in these processes and ensure that all aspects are in place prior to a potential cyber-attack. It is crucial to cultivate effective collaboration with these partners and technology providers in order to safeguard the organization’s assets. Ensuring the availability of immutable and easily recoverable backups is vital to maintaining the continuity of the organization’s resources. The availability of a larger pool of personnel is advantageous for an organization’s incident response plan, making security solutions providers and partners an integral component of preparation.

Staying informed in the rapidly evolving cybersecurity industry can pose a persistent challenge; however, a plethora of resources are readily available. It is imperative for leaders to familiarize themselves with these resources to stay ahead of potential threats. A recommended starting point for security tactics is the book “Cyber Mayday and the Day After” by Dan Lohrmann, which provides valuable insights on various attacks, strategies, and resources in the field.

https://youtu.be/Yy4tXNRrBWg

Manage the Cyber Mayday

In the event of a cyber incident, effective management from start to finish is crucial to de-escalating the situation. However, leaders can sometimes make mistakes that can have devastating consequences. In his book, Lohrmann interviews organizations that have suffered through cyber-attacks, many of which reported that they had underestimated the time required to manage the situation. Another common mistake is an unwarranted sense of security, stemming from low cybersecurity awareness. Companies must understand their responsibility for their assets and avoid assuming their systems are impenetrable.

Despite reluctance, vulnerability and risk assessments are essential to protecting a company, particularly given the ongoing threat landscape. The damage caused by a cyber-attack can be assessed by evaluating the organization’s legal, financial, budget, and partner assets, and utilizing tools such as No More Ransom to determine the recoverability of data in the event of a ransomware attack. Familiarization with roles and responsibilities through regular preparation and practice can help ensure a smoother management process during an incident. The involvement of cybersecurity experts, equipped with the necessary skillset, is critical for the preparation, management, and recovery phases of a Cyber Mayday event. With their experience managing similar incidents, these experts bring invaluable expertise to the table.

https://youtu.be/0gyp99qc9QA

Recover from the Cyber Mayday

Recovering from a cyber-attack requires a well-coordinated and systematic approach to minimize the damage and prevent future attacks. Best practices for recovering from a cyber-attack include containing the attack by isolating infected systems, identifying the source of the attack, evaluating the damage, restoring from backups, implementing stronger security measures, reporting the attack to law enforcement and relevant authorities, communicating with stakeholders, and continuously monitoring systems for signs of compromise or new threats. Having a pre-prepared plan and regularly testing it can ensure a quick and effective response to a cyber-attack, reducing the impact and preventing future occurrences.

In the face of a real emergency, it is impossible to predict who will be available to respond. As demonstrated in a drill led by Lohrmann, even the individual who is often relied upon as the go-to person in crisis situations may not be present. This highlights the importance of considering contingency plans and having alternative resources in place. The aftermath of a cyber-attack will inevitably bring opportunities for growth, including the implementation of improved security protocols and enhanced training programs.

https://youtu.be/1GKGRM3nwvE

Conclusion

Dan Lohrmann’s secure insights are truly eye-opening as to the impact that cybersecurity awareness and protocols have on the world. Make sure to stay tuned for the latest in cybersecurity best practices, technologies and awareness with Sennovate’s podcast, Secure Insights!

At Sennovate, our professional Cyber Security Experts are trained to ethically carry out their duties to protect your organization with years of experience. Do you want to get started with cyber security but don’t know how or where to begin, or do you want to know more about the ethical duties and responsibilities of cyber security professionals at Sennovate? Our experts are just a call away!

Have any doubts, or want a call with us to learn more about preparing for, managing, and recovering from a Cyber Mayday? Contact us right now; Sennovate’s experts will explain everything in detail on a call.

You can also write a mail to us at hello@sennovate.com or call us on +1 (925) 918–6618.

About Sennovate

Sennovate delivers Social Engineering Defence (SED) services, Managed Security Operations Center (SOC), custom Identity and Access Management (IAM) solutions to businesses around the world. With global partners and a library of 2000+ integrations, 10M+ identities managed, we implement world-class cybersecurity solutions that save your company time and money. We offer a seamless experience with integration across all cloud applications, and a single price for product, implementation, and support. Have questions? The consultation is always free. Email [email protected] or call us at: +1 (925) 918–6618.

Originally published at https://sennovate.com on February 6, 2023.
