“Those that fail to learn from history are doomed to repeat it.” - Winston Churchill
“Sooner or later, everything old is new again.” - Stephen King
“What’s old is new again.” - Cyber professionals
What’s old is new again. Cybersecurity professionals are inclined to repeat this when a data breach exploits an old vulnerability or a “defeated” threat reappears. It seems that, in the rush to adapt to new threats and technologies, it can be easy to forget some lessons of the past. It’s time to get serious about preserving our cyber history with cybersecurity documentation.
Some days, cybersecurity feels like we are fighting the same battles over and over. Whether this means a new malware attack occurs or a vulnerability is discovered, offensive and defensive cybersecurity are never-ending. New threats arise constantly, and these keep us looking ahead to the future.
But if we don’t document the knowledge we’ve gained and preserve our cyber history, we will lose future solutions. It’s crucial to learn the lessons of our past, to help teams and organizations survive and thrive. Cybersecurity documents do this. Otherwise, we forget old threats, and what’s old becomes new again.
Documentation Can Be a Thankless Job
Often documentation is a thankless job. For example, we may not appreciate the person who requests a large family photo to capture a special occasion. Sometimes there are groans about dressing up. Sometimes there are crying children. It’s a hassle.
But who is thanked later and beloved for all the photographic results? The person who gathered everyone for the photo. People appreciate the results even if they hate the process.
Preserving Company Security Knowledge
Though in a less sentimental sense, the same is true of network and cybersecurity documentation. It can be tedious and frustrating. People might groan. Some may cry. But the end result is an important history. And the history helps us determine our future because we apply the lessons of the past.
Cybersecurity professionals enjoy quoting the phrase, “What’s old is new again.” This typically applies to cyber threats – if we haven’t protected our networks from past threats, the same threats will often materialize again and become new.
Employees need cybersecurity documents to clarify their responsibilities in the day-to-day operations of the security team. They also need a clear plan to follow in the event of a security incident or breach.
When employee turnover inevitably disrupts a company’s ecosystem, valuable history can be lost in the brains of those who have fought the cyber battles of the past, and the collective knowledge suffers. This is an important time we need cybersecurity documentation.
Employee departures are also knowledge departures – unless the company and security team have made cybersecurity documents a priority. If network records are kept clean, and if threats are logged with their respective remediations, the situation is entirely changed. The history is preserved, and the cybersecurity successors have a place to start.
Documentation is an Ongoing Task
Like threat defense, cybersecurity documentation is an ongoing and never-ending process. Once documentation has been created, it needs to be reviewed regularly and updated as processes and policies change.
As well as preserving history for the technical staff, cybersecurity documentation also provides guidance for non-technical staff, reminds employees of their responsibilities to watch for attacks, and clarifies the roles of every team member in the case of an attack.
Those who have been in the cybersecurity and information security fields for any length of time know this is true. Ethical hacker Katie Moussouris said, of her return to the field after a period of absence, “I’ve been retired from professional hacking since 2007. Why should a hacker that retired that long ago still be able to hack things?” she told Motherboard. “The shortcomings for the security industry are really that we see the same cyclical bugs coming in over and over again.”
Standing the Test of Time
Security documentation is also beneficial when it's time to conduct tabletop exercises. These scenario-based practice sessions will give the team a chance to practice the roles they have been assigned. At the conclusion of the tabletop exercise, team members should have the chance to review what they learned and what may need to change. This is all important information to collect in cybersecurity documents and preserve.
Key Cybersecurity Documents
This helpful article from RSI security outlines the key security documents that are needed for every organization:
Information Security Policy: an overview of the company’s security structure, policies, and each employee’s role in security. This includes rules, agreements, and standards of the company based on industry and legal requirements.
Disaster Recovery & Business Continuity Plans: contingency plans to follow in the case of an adverse event like a natural disaster.
Incident Response Plan: details how a cyber attack will be handled, and includes the roles and responsibilities of employees.
What’s old is new again.
Make sure your organization documents its network setup, cybersecurity measures, and incident response plan. You will benefit from the lessons of history, continuity of staff knowledge, and preparedness for the future. Let’s learn from our cyber history and make cybersecurity documentation a priority so that we can avoid the mistakes of the past.
We at StandardUser Cybersecurity are on a mission to share cybersecurity and cyber safety education with everyone, to make our world a better place. Are you with us? How can we help? Let us know today.
Whatever your cybersecurity challenge, we can help you keep your business running. We are a defensive and offensive cybersecurity company, using over 30 years of experience with active commercial and government work and proven security methodologies. We also educate teams and professionals who want to build on their skills. Occasionally we communicate with cybersecurity memes.
We set the standard for cybersecurity excellence.