A few weeks ago, I had the opportunity to attend a cybersecurity conference in Dallas, TX. The name of the conference was Right of Boom.
Within the cybersecurity world, right of boom has a specific meaning – it is the period of time that happens right after a cyber incident.
There are several different frameworks Idaho businesses can use for their cybersecurity program with the most commonly known being NIST CSF. Within NIST there are 5 key areas or controls: Identify, Protect, Detect, Respond, and Recover.
- Identify potential incidents
- Proactively Protect devices and data
- Detect a incident in action
- Respond to the incident
- Recover from the incident
At the point of Detect, your managed IT company or IT staff has detected an active security issue within your company’s computer network. This could be an M365 or Google Workspace account breach, malware infecting a computer, or worse yet, ransomware taking down your entire operations.
So, imagine a big bomb going off at the point of Detect, and that is where the conference got its name from. Right of boom is the response and recovery phase.
The nature of this conference focused on the human element of cybersecurity; Post-incident, it's not tools we rely on but human skill, competence, and a deep understanding of the incident response process. This is where our policies and procedures shine.
One of the speakers at the conference was Executive Director Brandon Wales of the Cybersecurity and Infrastructure Security Agency. CISA is the federal agency that is ever keeping tabs on foreign and domestic cyber terrorism. I was extremely impressed with Executive Director Wales’ knowledge of what the bad guys are up to, and his technical understanding of the threats we face daily.
Many times when a government bureaucrat talks about the nation's cybersecurity, they don't really know what they are talking about. That's because they are usually a non-technical person presiding over a technical realm, doing the best they can to interpret what the technical people tell them.
However, after listening to Executive Director Wales, I have a new profound respect for one of our nation’s leaders - he really gets it.
You can listen to a recording of Executive Director Wales' address below. He talks about emerging cyber threats and the cyber fallout of the war in Ukraine.