Akamai Diversity

The Akamai Blog

What a Broken Arm Teaches Us About Incident Response

I originally wrote this for CSOonline's Salted Hash blog in 2011. But given all my focus on incident management of late, a re-share seems appropriate.

You might find it weird that I'd find a teachable infosec moment in my son breaking his arm. But he did do it at a security meet-up, after all.

Let me explain:

On the last Saturday of October, we drove an hour north to Nottingham N.H. for an outdoor gathering of some friends in the security industry (the #NHInfoSecTweetup, to be specific).

The day was already not going to plan. A freak October snowstorm was bearing down on New England and when we got to the campground it was freezing and gray. Son number-one got out of the car and puked in the parking lot, a victim of car sickness. Within five minutes, we'd be making a hasty exit from the park for another reason.

Son number-two was delighted to find they had a playground, and ran for the monkeybars. Before I could finish introducing myself to everyone there, he slipped and landed on his wrist, breaking bones in two places.

We spent the afternoon at Exeter Hospital and the staff was terrific. They quietly moved Duncan to the front of the line (you should never leave an 8-year-old sitting in agony, after all) and got him x-rayed. They had to take him to the operating room to re-set the bones and now he's walking around with an enormous splint on his arm.

We left the hospital after 5 p.m. and drove the hour or so home in near-whiteout conditions -- a downright surrealistic scenario for New England in October.

What does any of this have to do with security? Running a business is like running a family. Unforseen accidents happen and you're forced to change plans in a snap-second. It's a teachable moment for companies that are trying hard to prevent data security breaches.

Just as kids will break bones from time to time, companies will suffer some kind of security lapse. No matter how careful you are as a parent or as a business owner, the unexpected will still throw you off step.

But it doesn't have to throw us into chaos.

In hindsight, we reacted well to our incident. The folks at the security meet-up helped us get our stuff to the car and we whisked the boy to the nearest ER. Everyone was calm, and we got the bones reset and the arm in a splint.

Since I write about security for a living, it's hard for me not to create security analogies in my head whenever life gets interesting. This was one of those cases.

I thought about it in incident response terms. Had we panicked, I would have driven too fast to the ER and wrapped the car around a tree. My wife and sons would have been at much greater risk.

We didn't panic, and everything turned out fine.

To me, that's the ultimate lesson for security practitioners dealing with an incident.

Panic and the security hole grows bigger, along with the severity of the blowback when it's all revealed. React calmly and you can quickly get to fixing the problem and preparing those you do business with for the news.

Businesses actually have an advantage. Incident response plans can be drawn up well in advance and put on the shelf for emergency use.

When kids get into accidents, you have to wing it a lot more.