Quarterly Resiliency Forecast: Shoring Up Your Cyber Threat Defenses
Written by Andrea Davis
TRI recently reviewed Dragonfly’s annual Strategic Outlook for 2023. They project that in 2023 we can expect an increase in the frequency and sophistication of cyberattacks. These attacks can come at any time and in many forms, including ransomware, denial of service and phishing. Any one of these attacks could cause a significant disruption to your operations. Ensuring you have up-to-date crisis management, business continuity and disaster recovery plans in place, as well as educating and training yourself and your employees on cyber risks, is key to mitigating an attack’s impact.
To mitigate your risk, we recommend you take the following action steps:
Action Step #1: Conduct an Audit
Ask yourself the following questions:
1. Are there organizational standards and employee trainings defining your IT security protocol?
2. Has an impact analysis been conducted to understand how your organization could be affected by a cyberattack?
3. Do you have documented crisis management, business continuity and disaster recovery plans and protocols?
4. Do you know the backup capabilities of your third-party vendors that support your critical functions/services?
5. Has a notification protocol been established for letting employees and third-party vendors know of a potential business disruption?
Action Step #2: Update and Exercise Plans
Update your crisis, business continuity, and disaster recovery plans to address any of the gaps you identified in your audit.
TRI Tip: The planning process is invaluable, physical plans not so much. Keep your plans simple, straightforward and readily accessible. Conduct a tabletop discussion with your leadership team.
TRI Tip: Keep the tabletop discussion uncomplicated, focusing on the impacts of a crisis as opposed to a specific hazard. For example, what would be the impact if you were unable to access your files and other work technology for anywhere from over 24 hours up to a week? Ask executives what their immediate actions would be, then their actions 24 hours later and a week later. Document their answers to create an actionable executive playbook.
Action Step #3: Communicate and Train
Update employee communications on IT hygiene, such as frequently changing passwords, not opening unknown attachments, etc. Conduct employee training.
TRI Tip: Consider providing your employees with a wallet card that includes immediate emergency actions and key numbers to call.
For free template plans, playbooks and an employee wallet card, check out some of our resources.