The Myth of Cyber Security

Lessons from Black Hat 2019 and Def Con 27


Riddle: What do Marriott, Equifax, and Capital One all have in common?
Answer: Each has been the victim of a data breach compromising 100 million+ users, all in the past 12 months.

With large-scale breaches reaching a near-constant tempo, many questions have been raised about the viability of a safe and secure digital infrastructure. But one thing that has by now become crystal clear is that we are living in an era where we no longer have the luxury of asking if we'll be hacked, but rather when and how badly.

Over the past week, hordes of security experts, reporters, and financial analysts descended on Las Vegas to attend the annual Black Hat and Def Con conferences. Speakers used the thousands of hours of presentations to highlight the increasing security risks as we turn toward the third decade of the 21st century. Ironically, it is an open secret among cyber security professionals that our digital security is far worse than people would like to imagine, while the security talent gap only continues to widen. When one hacker demoed how he'd hacked into a Smart TV via a drone-mounted radio, hardly anyone present was surprised. After all, Smart TVs have had known vulnerabilities for nearly half a decade now.

Again: It is no longer a question of if you'll be hacked, it is only a question of when and how badly. And so, the task of security teams cannot only be to protect digital assets, but also to plan for their eventual compromise.

A couple weeks ago, I wrote about what to do once you've been hacked. But the truth is that the preparation must begin before you're attacked.

Sure, a Business Continuity Plan can go a long way in mitigating the breach and in some cases reversing the damage, but that's only possible if you already have an effective BCP in place prior to the attack. An effective BCP doesn't just include key elements like your Disaster Recovery, Business Impact Analysis, and Cyber Incident Response Plan, but is also regularly audited and kept up-to-date. In other words, unless the real threat of a successful breach is accepted and taken seriously, your BCP will likely prove ineffective and, more often than not, discarded.

Furthermore, as mentioned in my previous article, Silent Breach estimates that partnering with a reputable cyber security firm is the single most effective step you can take to mitigate your digital security risks. In fact, Silent Breach even offers a Managed Response package to streamline and automate much of your post-breach workflow. But once again, this only works if you have a partnership in place before the services are needed.

In short: anyone who tells you that they can provide you with complete security is either lying to you or living in a bygone era. Today, in 2019, cyber security is at its best when it protects you today, and plans for tomorrow.

Now, when the inevitable occurs, will you be prepared?


About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.