Disaster Recovery (DR) has always been a very comprehensive and multi-departmental undertaking. This has only increased in connectivity in the digital age. With so many devices being connected to the network now, it is beyond the traditional natural disasters and power outages. We must view network security as an integral piece of any disaster recovery plan.
A successful disaster recovery strategy is not hinged on process exclusively. A good strategy relies on swift and effective communication – both internally and externally. Aside from each department’s own pecking order, dept. leaders have to work together to fill the common goal of minimizing loss. Unfortunately, when it pertains to IT and security, there are still a lot of organizations who believe IT/Security issues should remain contained within their department. This, of course, harms everyone. After all, we, as practitioners, know a bad disaster recovery affects the entire organization. When a breach happens, everyone needs to mobilize as if it’s any other disaster. PR, HR, accounting, and even sales need to communicate to their customers what has happened in a corporate-defined way. But how do we do that if the organizations do not understand security concepts or it stays isolated to IT/Security?
You get a Corporate Dungeon Master, that’s how.
[For those of us who have played Dungeons and Dragons, you understand how important the DM is to the game, but for those of you who haven’t yet had the chance to enter the fantastical world of RPGs (role playing games), here’s the rundown.]
The Dungeon Master (DM) runs the entire game. Each character has their own strengths and abilities and it’s up to the DM to guide them through a quest. DMs create the world and help lead the team on the journey. They play multiple characters that the guild encounters during the campaign. Additionally, they work with the players individually to strengthen their personal story lines and how they fit into the game. They’re a Single Point of Contact (SPOC) to answer questions and offer guidance (in a Socratic sort of way) to ensure the Guild’s success.
Every disaster recovery plan needs a Dungeon Master to orchestrate how an IT/Security incident plays out in real time.
The key to a successful DND campaign is having multiple strengths represented to work cohesively as a group to defeat whatever foe they’re up against. It’s not uncommon to have multiple monsters attacking at the same time, so there has to be a plan. If you have a Guild full of only “tanks” who are taking the brunt of the opponents’ hits without a healer, their hit points will drop quickly without remediation. Tanks are there to cause constant damage, typically in a melee format. Therefore, you also need ranged players (magical or otherwise) who can hide out and do targeted major damage to the largest adversary. The team has to be working together on the side as well as with the DM: If you have too many “single-player” mindsets, either the encounter will take up the entire session or they won’t be defeated at all.
The same goes for a disaster recovery plan.
Mixing smaller encounters with larger ones to level up the team and increase cohesiveness within the group is integral to security. These ideas are not just fantasy role-playing. There is tactical strategy that goes into it between the DM and team. Planning out encounters to better the group’s communication as well as upping experience is a huge part of the game.
This is what needs to happen in a security strategy. Running internal breach simulations is just as important as external penetration tests. It is an additional layer in the program that tightens the process. Also, it provides awareness of the complexity of IT/Security across the departments. Security is a journey, not a destination. Disaster recovery is not something a company just excels at out of the blue. Ongoing practice sessions have to be held as the environment changes with someone who knows the processes and protocols that need to happen during a breach scenario.
We all know how overworked the IT/Security staff is currently. Therefore, finding the right person to coordinate can be difficult. However, there are a few companies who can outsource this role who have extensive experience in these areas. Think of it as “DMaaS.” They can work with the multiple departments and run closed simulations throughout the year to trial and error possible scenarios. Breaches get messy really quickly due to the high-profile nature they’ve received in the media in recent years. In disaster recovery, internal and external communication is absolutely critical. Having someone to coordinate it all is like landing a Natural 20 on your attack roll.