With over a decade of experience working with FFIEC (soon to become NIST CSF) and NCUA guidelines, I stay close to CEO concerns during tabletop exercises. CEOs ask: “Based on global tensions, how would the loss of Fiserv impact not only banks but the communities they serve?” “Should we shift to increasing cash reserves on hand and deploying 0% interest microloans to known customers during a cyber attack?” (This isn’t as far-fetched as you might think. Sweden, Norway, and Denmark are advising citizens to keep cash on hand for potential cyber threats.)
With over a decade of experience working with healthcare clients, we focus on the myriad concerns that come up during a cyber incident. HIPAA, BAA notification stipulations, the complexity of the IT infrastructure (especially with the use of third party technologies and services), patient care, privacy, and cyber security concerns are just the beginning of the various overarching due diligence concerns for healthcare management teams.
Our management TTXs and CIRPs help CISOs, risk managers, and business leaders prepare for when they need resources from their cyber insurance policy. Our team leverages a deliberate cyber insurance protocol to ensure the organization’s incident response documentation and perspective is aligned with the unique nuances of their various insurance policies. This approach also focuses on ensuring the organization’s insurance manager is fully prepared to participate in the incident response effort.
What makes the energy sector cyber security so important is the range of impacts due to a cyber incident. Explosions, environmental spills, fatalities, and the destruction of facilities are all inherent risks for companies that produce or handle large volumes of flammable materials. Organizations in this sector often struggle to capture the full range of cyber related risks. A piece of free advice: one of the best annual reports I’ve read in 10 years of reviewing annual reports for all of my publicly traded clients is the Chevron 2024 10-K (Disclosure: Chevron was not a client).
We train plant managers, IT/OT teams, and executives to respond to cyber disruptions before they impact production. Manufacturers count on our exercises to protect intellectual property, minimize downtime, and keep supply chains moving during a crisis.
We prepare CISOs, product teams, and founders to manage security incidents with confidence. Tech companies rely on our services to develop customized responses across departments that address various threats, including supply chain attacks, insider threats, theft of IP, and maintaining customer trust.
We equip government agency directors, security officers, and operations staff to respond effectively to sophisticated cyber threats. Government TTXs will also typically involve your COOP / Crisis Management team, who bring a number of resources to the table during a cyber incident.
With decades of experience in the military, law enforcement, and business domains, author of the McGraw-Hill book The Computer Incident Response Planning Handbook, Neal McCarthy has spent the last 10+ years writing business inclusive CIRPs and conducting management TTXs for a Dell subsidiary. McCarthy Cyber Readiness delivers solutions that go beyond the typical technical and tactical focus to succesfully prepare you and your team from the Top Down during cyber incidents.
