Preet Bharara is the US attorney for the Southern District of New York. He knows a thing or two about fighting crime. He also understands crime is happening as much in the virtual world as in the real world. Consider his assessment of cyberterrorism today (Sheelah Kolhatkar, “The Interview Issue” Bloomberg Businessweek, 8/12/13–8/25/13, p. 74):
“[Cyberterrorism is] among the most sophisticated type of threat that we face, whether you’re talking about hackers who are doing it for money or you’re talking about state actors who are doing it for purposes of espionage or attacking our infrastructure. But the FBI and the Secret Service have been spending a lot of time catching up.”
We understand the score. That is already scary enough. Unfortunately, it becomes scarier. In Bharara’s mind, too many companies are not prepared with a plan for knowing how to respond when cyberterrorism strikes:
“Companies should spend time focusing on a plan. You figure out how to build a better firewall and how you’re going to cooperate with law enforcement. You need to do that in advance. And shockingly, not enough businesses have thought about it.”
This does not bode well for many companies. The day cyberterrorism strikes is not the day you want to be thinking about what your response plan should have been. That behavior guarantees your response plan will have many flaws and possibly even do more damage than good.
The superior approach, as Bharara affirms, is to prepare your cyberterrorism response plan in advance. Pull together your key personnel and think through everything that could happen. Develop a response plan that is holistic and considers all angles.
We do not necessarily enjoy thinking about a cyberterrorism disaster. Nevertheless, doing so ahead of time will ensure your organization’s ability to produce an effective response.