A few years back I was running a tabletop exercise at the office of a regional banking client. We had around 50 executives there including the C-suite. As we brought the exercise to a close, the bank CEO asked anyone on his team to share a story of living through a real data breach.
One woman on his staff raised her arm. She began telling us her story of living through the Chase data breach of 2014. You could tell from the tremor in her voice that she was still shaken from the experience. And honestly, who wouldn’t be?
She told about the day they found out they had been breached. Her role was a business unit ISO. But anyone associated with IT or security was immediately told that until further notice, they were to remain in the office. No one could go home.
She had to tell her family that she didn’t know when she could return home. Her husband and kids. She didn’t know when she could be part of their schedules or available to help with any of it.
Days and even weeks went by with food being brought in from outside, people getting antsy to be able to walk away from it all and just get cleaned up and change their clothes. Anything just to feel human again.
After that experience, she said “I never want to go through that again, and that’s why I don’t work there anymore”. So she left Chase to work at a regional midwestern bank that’s unlikely to be targeted by a foreign nation for a cyber attack.
Why am I retelling this story? So you can be better prepared for a breach. And so you don’t have to lock your staff in a war room for 2 weeks until you start working your way out of complete disaster.
If you’re not doing it already, start running quarterly Tabletop Attack Scenario Exercises (TASE) with your team. Run some of them internally. Have an outside party run them once in a while. Start documenting playbooks for activities your team will need to complete in any incident.
It all comes down to this: You play how you practice.