Preparedness can
flip the script on
cybersecurity
events.
A media and entertainment company’s cybersecurity incident response plan needed a dramatic rewrite.
SUSPENSE BELONGS ON SCREEN, NOT IN AN INCIDENT RESPONSE PLAN.
The Situation
Our story begins with a spoiler: A media and entertainment company was going to experience a cybersecurity incident.
Would it be an insider event originating within the company? A ransomware attack affecting operations? Or a breach of data from one of its many productions filming across the globe? The company couldn’t predict how an incident would happen, or when … but it had to be prepared.
Even without an imminent, identifiable security threat, the company’s chief information security officer (CISO) understood how—across industries—incidents can emerge at any time, from any place. He wanted to ensure his team is ready as potential threats evolve over time.
The company had gone through its own evolution and was growing its infrastructure, but its security posture hadn’t kept up. The CISO had an ambitious vision that included driving efficiencies through automation. But before the company could explore new technologies, it needed to ensure the foundation of its cybersecurity incident response plan was strong.
The aggressive actions the CISO believed necessary for building resilience against threats ranging from low-level phishing to significant ransomware attacks would require participation and investment from all levels of the company. He could see where he wanted the program to go, and he needed to feel confident that when crises occurred, executive stakeholders would be able to act quickly to deliver a coordinated, rapid response to reduce risk and enable a sharper focus on actions that would have the most impact.
THE SOLVE
PRACTICE ISN’T ABOUT PERFECTION. IT’S ABOUT PREPARATION.
The Impact
Back to the prologue: A few months later, that cybersecurity threat materialized.
It had the potential to have a negative impact on the company’s employees, investors, and customer base. But because they’d exercised their collective response muscles, each corporate function understood what steps it needed to take, and the client successfully countered the threat using the whole-of-business response we helped them engineer.
The company’s readiness derived from practice and a better understanding that cybersecurity incidents often raise cross-functional concerns, resulting in cross-functional responsibility. It’s not a spoiler to acknowledge that additional events are likely to occur. But now our client has an actionable plan with demonstrated effectiveness and a team prepared to implement it together.