Header image

#Irisscon: Prepare for Worst 'Black Swan' Event With Policies and Procedures

Lewis and Mogull recommend policies and procedures and learning from other incidents.


Unpredictable events can be better prepared for if we’re prepared to deal with chaos, know how to manage environments, and develop systems to deal with incidents.

Speaking at Irisscon in Dublin, OnePassword CISO Dave Lewis and Rich Mogull,  SVP of Cloud Security at FireMon and CEO of Securosis, said that ‘black swan’ events can have a massive impact on a business, but need not be unpredictable.

Citing examples such as the attack on Solarwinds, the XZ incident and the NotPetya ransomware attack, Mogull said with unpredictable events, you cannot predict when something will happen and what it will look like, but can get a sense of what is coming up. “We can deal with what we know can hit us, but we can’t fully categorise,” he said, citing his experience as a paramedic working on response to Hurricane Katrina, where there were processes “to deal with unknown incidents.”

Lewis said that a catastrophic event can have a major impact, and “a lot of the time it is caused by something as simple as a password” and businesses can look to options like multi-factor authentication and biometrics, to deal with the fact that bad things are going to happen.

Shadow IT

Mogull cited the case with Shadow IT, and said this is often “employees doing things with tools we’ve not provided, and we haven’t enabled for them” but this is often users trying to get things done. “If they spin them up and it is not properly managed, along comes ransomware.”

Lewis cited cases of breaches at Uber, Dow Jones and Capital One, which he said were all because of unapproved technology, and especially due to unsecured Amazon S3 buckets. “We can’t say they are unpredictable as they will happen again,” he said.

Mogull concluded by saying that reducing the impact of black swan events doesn’t mean all gaps will be covered, “but be prepared to manage, scale up and deal with these.”

According to the two, preparations and responses should include:

  • Zero trust architecture
  • Continuous authentication and verification
  • Micro-segmentation, secure access service edge (SASE)
  • Extended access management
  • The rise of cyber insurance as a safety net
Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.