Cyber Preppers: 5 Things to Know When Creating a Cybersecurity Incident Response Plan aka a "Cybersecurity Bugout Bag"

A wise man once said, “The best time to prepare for an emergency is before it happens.”

In the “real world,” this means having an escape plan and the tools you need to execute it. Often referred to as survivalism or “prepping,” these real-world action plans frequently have one thing in common: a bugout bag. In cybersecurity it means developing an incident response plan before you’re hit and having the capability to use it.

Unless you spend your weekends watching reruns of “Doomsday Preppers” on the National Geographic channel, you’re probably asking yourself, “What the heck is a bugout bag?”

A bugout bag is a durable, flexible and portable kit (often kept in a backpack) that contains (hopefully) all the things you need to survive for 72 hours after evacuating due to an emergency situation. Most bugout bags are designed for specific disaster scenarios, but should be usable in different situations. (For example, someone in Florida might have a hurricane season bugout bag in case of mandatory evacuation.)

Another thing to note about bugout bags: they’re not just for your crazy, canned-good-collecting uncle with a bunker in his backyard. As the world becomes less predictable, it is becoming more commonplace for the average American family to have one ready to go. The motto “be prepared” isn’t just for Boy Scouts. In fact, it even has a business use case. Many of the same principles of survivalism and bugout bags can be applied to your organization’s incident response plan.

Below are a few things to consider when creating a “cybersecurity bugout bag.”

Prepare for the most likely scenarios

Don’t waste time preparing for events that aren’t likely to affect your organization. A survivalist in New York, for example, will spend more time preparing for snowstorms than malaria pandemics. Likewise, your institution should prepare for the types of events you’re most likely to encounter. Consider things like malware, ransomware, phishing, data loss or theft and power outages. Are you prepared for these situations? Are you wasting valuable time and resources on the wrong areas?

Your bugout bag will be unique – and it will have a weakness

An incident response plan, much like a bugout bag, is not a one-size-fits-all solution. When building a bugout bag, a survivalist will keep three things in mind: their needs, their people, and the most likely “$#!* hits the fan” scenario they’ll face. Based on this information, they can build for geography and assemble a bugout bag to take them to the next location safely. Remember: there is no silver bullet. This is true for both bugout bags and incident response plans. No matter how detailed you are, there will be a weakness that needs to be addressed. So, what is between you and your bugout location? What do you need to make it there safely? Where are you weak and how can that be remedied?

Identify your priorities

In an emergency situation, a survivalist will organize their hierarchy of needs. The top three of these are often air, water, and food. A successful survivalist will know how to resolve these issues and where the solution will be. For example, they will locate a nearby source of water and understand how to filter and purify it for safe drinking. They will also have emergency rations on hand to hold them over until a more permanent solution is installed. In a similar way, your organization needs to know how to meet your needs during a cybersecurity incident. What people and tools do you need to have available to deescalate an issue? What is the most important need that should be addressed first?

A bugout bag is useless if you can’t use it

Bugout bags and incident response plans are 100% useless if you are unable to put them into action when the time comes. All the time you spent preparing for emergency situations will be wasted if you don’t have the tools and resources that allow you to respond. Remember this common survivalist saying: “Luck is good, gear is better, skills are best.” You need the tools, but more importantly, you need to practice with them and become skillful in deploying them. When it comes to cybersecurity, it’s essential to have skilled resources, ready and able to start deploying solutions immediately.

You need an annual review

A bugout bag needs to be reviewed seasonally, or at least once a year. You can’t just pack the bag away and forget about it. Some parts will need to be replaced, either because they are expired or because there is a better solution. This same line of thought should be applied to your incident response plan. Don’t risk your security, compliance, or even your job, on an outdated procedure. This is a continuous process.

Your data is becoming more valuable every day. Knowing this, ask yourself: is my organization prepared to deal with a cybersecurity incident? And then ask yourself: what needs to be in my cybersecurity bugout bag?

Happy prepping.


About The Author: Reg Harnish

Reg Harnish is the CEO of GreyCastle Security, a leading cybersecurity risk assessment, advisory and mitigation firm headquartered in Troy, New York.

As CEO of GreyCastle, Reg is responsible for defining and executing the company’s vision. Under his leadership, the company has experienced six consecutive years of triple-digit growth and countless industry accolades. Today, GreyCastle Security is working with organizations in nearly every state in the U.S.

Reg is a nationally-recognized speaker and has presented at countless industry events. Reg was recently recognized as the Cybersecurity Consultant of the Year in North America by the Cybersecurity Excellence Awards for the second consecutive year. He has been featured in Time, Forbes, CBS Nightly News, The Washington Post, Dark Reading and others.

Reg is a member of the Forbes Technology Council and a fellow of the National Cybersecurity Institute in Washington, DC.