Joshua Harr is a Cyber Security Analyst/IT Compliance at Boston Children’s Hospital. 6-year Active Duty Air Force veteran and AF Reserves Cyber Warfare Officer Selectee. Mr. Harr holds a Master of Science in Security and Resilience Studies in Cyber Security and Policy from Northeastern University. His research includes Cyber Psychology and Profiling Potential Internal Risks. Mr. Harr is focused on Cyber-Resilience through Crises and creating an environment based around User Education, Top Level Champions and Layered Disaster Operations.
We asked Joshua about his his role in Cyber Security and his upcoming ICMC 2018 presentation, “Resilience by the 1’s and 0’s.”
1. What are some of the biggest cyber-security threats that businesses will face in 2018?
I believe we haven’t seen the last of weaponized exploits of unpatched systems. Malicious actors are going to continue to take advantage of organizations that haven’t truly grasped the culture of “good cyber hygiene.” This is paired with ill-preparedness of a lack of a disaster recovery plan. When a business loses its data, it cannot operate and will impact revenue and effectiveness, ultimately resulting in a greater business impact. A final threat I see increasing is file-less attacks. With recent threat intelligence stating this is on the rise, organizations will have to get creative in detecting and responding to these attacks considering that traditional anti-virus may not be enough anymore.
2. When planning to respond to crises, what can organizations do in the preparedness phase?
Think of the worst-case scenarios and work backwards. What organizations will see, is that many of the foundations carry to the next crisis. By the time all scenarios (big and small) are walked through, risk assessments and management will become easier to get stakeholder buy-in and participating teams on board to take appropriate actions to maintain effective business patterns “battle-ready” for any type of crisis.
3. Why are crisis simulation exercises so important?
Simulations are like batting practice. It isn’t just for the decision-makers, but for the ones doing the work and implementing the action based on the incident response plan, disaster recovery plan, and/or business continuity plan. When every member is on the same page and has walked through these plans, the moment a crisis occurs, the reaction is muscle memory. So, being prudent of sensationalism, these exercises are a critical part of preparedness when facing crises head-on.
4. What can the 2018 International Crisis Management Conference attendees expect from your presentation?
Attendees will here from a practitioner on the lines of batting practice and what many of their employees are seeing on a day-to-day. From presenting practical ideas of risk management to soul-searching rhetorical questions to take back to their companies and ask. Attendees will also learn how resilience from a crisis starts with preparing for it.
Register for ICMC 2018
Register to attend the 3rd annual International Crisis Management Conference which will be held on April 24th and 25th in Boston MA.