As I sit here typing in beautiful Chicago, a massive blizzard is just starting to hit outside. This storm is expected to drop between 12 and 20 inches over the next 24 hours, which could be the most snowfall in over 40 years. Yet in spite of the weather, the citizens and city workers remain calm, confident in the fact that they know how to handle an incident like this. A joke has been going around on Twitter about the weather today – “Other cities call this a snowpacolypse. Chicago calls it ‘Tuesday’”.
Northern cities like Chicago have been dealing with snowstorms and snow management for decades, and have gotten pretty stable at it. Yet, when cities fail at it, there can be dramatic consequences – in 1979, the incumbent mayor of Chicago, Michael Bilandic, lost to a challenger, with his poor response to a blizzard cited as one of the main reasons for his defeat.
The same crisis management practices, as well as the same negative consequences attached to failure, apply to information security organizations today. Security teams should pay attention to what their better established, less glamorous counterparts in the Department of Streets and Sanitation do to handle a crisis like two feet of snow.
So, how do cities adequately prepare for blizzards? The preparations can be summarized into four main points:
- Prepare the cleanup plan in advance
- Get as much early warning as possible
- Communicate with the public about how to best protect themselves
- Handle the incident as it unfolds to reduce loss of continuity
These steps are all also hallmarks of a mature security program:
- Have an incident response plan in place in advance of a crisis
- Utilize real-time detection methods to understand the situation
- Ensure end users are aware of the role that they play in information security
- Remediate security incidents with as little impact to the business as possible
An information security program that is proactive in preparing for security incidents is one that is going to be the most successful in the long run. It will gain the appreciation of both end users and business owners by reducing the overall impact of a security event. As winter in Chicago shows us, you can’t stop a snowstorm from coming. Security incidents are going to happen. The test of a truly mature organization is how it reacts to the problem once it arrives.