Levi, Ray & Shoup, Inc.

Respect the ‘BOOM’

6/29/2023 by Chris Hill

With the Fourth of July holiday upon us, it’s important to ensure that we all remain safe.

Safety is also important in this day and age of cybersecurity; in fact, cyber safety continues to be a major challenge.

So, in the spirit of Independence Day, let’s talk about the “Boom.” It’s not the boom of fireworks but a couple of terms that you may or may not have heard about: "Left of Boom" and "Right of Boom."

These are terms commonly used in the field of cybersecurity and risk management. They are primarily associated with the concept of incident response and refer to different phases of an attack timeline.

  • Left of Boom refers to the period before a cyber attack occurs. It encompasses activities related to proactive measures, prevention, and preparation for potential incidents. Organizations focus on implementing security controls, conducting risk assessments, developing incident response plans, training employees, and deploying security technologies to detect and mitigate potential threats. The goal is to identify and address vulnerabilities or weaknesses in the system before they can be exploited.
  • Right of Boom refers to the period after a cyber attack has occurred. It involves responding to and managing the incident, containing the damage, and restoring systems and services. This includes activities such as incident detection, incident response coordination, analysis of the attack, remediation, forensic investigation, and communication with stakeholders. The primary objective is to minimize the impact of the attack, prevent further compromise, and return to normal operations as quickly as possible.

The chances of an organization experiencing a cyber attack can vary based on several factors. While it is challenging to provide an exact probability, it is important to note that cyber attacks are an ongoing and significant threat in today's digital landscape.

Here are some factors that can influence the likelihood of a cyber attack:

  • Industry: Certain industries, such as finance, healthcare, and government, are often targeted more frequently due to the value of the data they hold or the potential impact of an attack.
  • Size and prominence: Large organizations or those with a high profile may be more attractive targets for cybercriminals seeking financial gain or seeking to make a statement.
  • Security measures: The effectiveness of an organization's cybersecurity measures plays a crucial role. Organizations that have robust security practices, regular audits, and up-to-date software patches are generally more resilient to cyber attacks.
  • Employee awareness and training: Human error is a common entry point for cyber attacks. Organizations that prioritize cybersecurity awareness and provide training to employees on best practices for data protection and recognizing potential threats can reduce the likelihood of successful attacks.
  • Connectivity and online presence: The more an organization relies on internet connectivity and maintains an extensive online presence, the higher the potential attack surface. Organizations with multiple points of entry, such as websites, cloud services, or remote access systems, may face an increased risk.
  • Geopolitical factors: Organizations operating in regions with a high level of cyber activity or state-sponsored hacking may face an elevated risk.

It's crucial to understand that the threat landscape is constantly evolving, and new attack techniques are regularly developed. Thus, organizations must remain vigilant and proactive in their cybersecurity efforts to minimize the chances of a successful cyber attack. Regular risk assessments, vulnerability scanning, and incident response planning can help organizations improve their resilience against potential threats.

We will probably never reach the point where we can declare our independence from working on cyber security, but we can reach the point where we can enjoy July Fourth fireworks. We can help you help you with your cyber security needs; just contact us to schedule a meeting and discuss your specific requirements in more detail.

We won’t be posting on this blog next week, so enjoy the holiday!

About the author

Chris Hill serves as our Security Practice Leader. Chris has more than 24 years of business and professional experience in IT and holds a Bachelor of Science degree in Electrical and Electronics Engineering.