If you are one of the 34 million people that spent 7 hours of your life glued to Netflix’s recent documentary series about exotic zoos and their outlandish owners in rural America, then you know there are many lessons to be learned from the characters in the show. Outside of some of the more obvious, “don’t keep a tiger as a pet”, below are a few important lessons that can be translated to your organization’s information security program as well. Enjoy!
Everyone at the zoo played a role…good or bad. Really, are your employees willing to lose an arm to protect your organization’s reputation?
Everyone in your organization plays a role in cybersecurity – make sure that they know what their individual responsibilities are and are up to the task.
Please, please don’t use expired meat on your pizzas.
Invest in security and don’t cut corners. If your data is important, choosing the lowest cost option may not be the best way to properly protect your information.
Food for hungry tigers is more critical than a novelty political campaign.
Prioritize your risks and allocate funding accordingly.
Focus on your organization’s vision, not your competitors.
Did Joe’s longing for celebrity status override his love for tigers?
Never lose sight of your organizational goals.
Jeff Lowe came in at an opportune time.
Choose your partners and vendors carefully.
Was Joe really at a funeral out of state or was he blowing up the zoo office and all incriminating video footage?
Small distractions can be a diversion, so continue to monitor all systems and utilize alerts.
Referring to the above arson…..
Always back-up your data. Don’t forget to test your backups regularly, as well.
Can you trust your employees or are they leaking information (to the FBI)?
Insider threats are real so continue to monitor your staff as necessary.
Ensure you have enough food to keep those hungry tigers fed, even if something happens. Proceeds from a lucrative country singing career may or may not be enough to keep you afloat.
Have a robust business continuity plan and update it regularly to include all types of incidents (like pandemics!).
Oops, that wasn’t a sandy beach in Belize…Google actually shows that Joe is still in Florida.
Log activities – because (properly secured) logs don’t lie.
Some additional guidance from our Offensive Security team:
[Wallace]: Comply with all legal and regulatory requirements. If you comply with all legal and regulatory requirements, you too can have a pet tiger! However, just like your pet tiger, your organization’s hardware and software need to be maintained throughout the lifecycle of the product. Be sure to provide a safe, and secure environment for your tiger to thrive – like a well maintained firewall and access control. Keep your tiger well fed, and healthy – follow a routine vulnerability management program, and factor in renewal fees and maintenance costs to your budget. As your tiger ages, are you prepared for the unexpected? – Software and hardware can have a long usability period, but eventually will reach end of life and will need to be replaced to maintain your business. Sometimes, these losses can come earlier than expected so it’s best to plan ahead.