Moving to your Pot of Gold: Backpacking and Cyber Security

Moving to your Pot of Gold: Backpacking and Cyber Security

 by Carl Nerup

 

As I slogged my way along the North Coast Trail on Vancouver Island, BC, a thought (or many) occurred to me.  Hence this blog post.   The trip was a solo-trip, 8-days with no resupply, active wildlife (bears), a ‘primitive’ trail, a very remote part of the world, and a challenge to me both physically and mentally.  

The next big cyber-attack is coming, and it will not be trivial.  A state actor, critical infrastructure, broad consumer impact, not sure when or how it is coming, and you know it will be a challenge to overcome.

It turns out that backpacking is like managing your company’s cyber security.

Do you have the tools in place to prepare your strategy for ‘Defense in Depth’ to ensure that you have a safe and secure hike but also for your business by leveraging a common set of principles to drive towards risk mitigation?

Prepare for the Trip.   

  • Understand the local landscape and determine if there are any specific rules or regulations that you need to be sure to follow for your trail or business vertical.
    • Read blogs, study the terrain to set your pace, and learn the rules for this trail (bear boxes).
    • Look for best practices, study other relevant use cases, and determine what certifications you need to gain to provide assurance to your business.

Pack for Contingency.

  • Weather, accidents, and wildlife happen. The same could be true for your infrastructure depending on your region, HW vendors, or network availability.
    • Pack rain gear, first aid kit, gear repair supplies, short or tall gaiters, and some extra food.
    • Rain, cold, ‘brown outs’ may require back-up generators or fuel supplies.

File your Itinerary. 

  • Study the terrain, determine your hiking pace, and establish camping sites. For companies learn industry practices, understand likely attacks, and read voraciously to understand your risk profile.
    • Publish your trip plan, share it with family, and then list it on your Permit.
    • Establish milestones, set contingency triggers, and educate your employees.

Paper Map.  

  • Sure, it is old fashioned. But, having a hard copy map matters.  As does, having written contingency plans available to your employees.
    • Bring a basic map, a topographic map, a waterproof map, a detailed map of each section.
    • That written manual of contingency plans could be the difference if your systems are off-line.

GPS Trail Guide.

  • Many applications are available for mobile devices that can guide your hike. Even airlines are using tablets for kneeboards and contingency manuals.
    • Even with no cellular coverage, your phone can still support a GPS application to help guide your hike safely or to get you back on course should you lose your way.
    • A digital set of manuals to guide your employees to maintain course and counter the inevitable threats that will present themselves.

‘Oh Poop’ Device.

  • Backpacking or in Business, it happens. Be prepared.
    • This is why people now carry a Garmin In-Reach because it has a ‘Oh Poop’ button that is there for you in case the un-foreseen happens.
  • Get a Red Team, get a Government Agency on file, or know who to call when the ‘Oh Poop’ moment of the hack comes for organization.

As I prepare for every hike, especially as I tend to go solo, the list above is exactly what I do to ensure that I lessen the risk as much as possible so that I can ensure a fun and safe trip for me and all of my loved ones back home wondering when I will get out.   And, in candor, most of the in-depth planning that I execute against today are from hard learned lessons on the trail over my many years of backpacking.

It is my view that this same accumulated knowledge of planning to mitigate the risk of a cyber attack to your enterprise is very similar.   Maybe the question to ask is whether you have six layers of ‘defense in depth’ to your cyber security preparation as I do for when I go backpacking?   Many lessons have also been painfully and publicly learned in the market today that you could directly apply to your own security posture.

However, if you want some help, then call me.   Call Cog Systems.  ‘Being Prepared’ is not a tired motto, it is an essential first step to lessening your risk and helping you to enjoy doing the best part of your business – delivering for your customers.

Thank you.