5 Actions Critical for Cybersecurity Leadership During International Conflicts

The military attacks involving Iran in the Middle East are the latest reminder that cybersecurity leadership must continually incorporate geopolitical risk into their enterprise cyber risk posture and preparedness.

 

Concerns about elevated risks to worker safety, operational integrity, and data security must be addressed. Here are 5 steps for cybersecurity leaders to prepare and manage the evolving risks:

 

  1. Understand risks and collaboratively develop recommendations - Develop recommendations based upon the specific threats with a focus on how the current threat landscape may affect your organization’s business model, technology dependencies, and risk tolerance.

 

  2. Be safe, lead with focus and calm – Operate cybersecurity functions with extra focus and attention, consider temporarily turning on more telemetry and logging, and explore accelerating patching of vulnerabilities and streamlining the SecOps incident escalation processes.

 

  3. Be prepared for the worst – Resilience is built before the crisis, not during it. Take advantage of the opportunity to prepare:

- Validate incident response playbooks for operations, crisis response, and recovery, including related vendor contracts.

- Verify backups, recovery capabilities, and processes, including contact information of key personnel. Consider taking an out-of-cycle data snapshot.

Plan for 3 scenarios and consider a few quick tabletop walk-throughs: 1. Limited/degraded operations or data availability, 2. Ambiguous situations where communication or telemetry are, 3. Unavailable, damaged, or compromised assets. For all these scenarios, stress-test your assumptions about dependencies. What happens if specific personnel, a cloud provider, or a SaaS platform is unavailable?

 

Resilience depends on understanding these constraints in advance.

 

  4. Monitor the situation. Remain vigilant and support sustainability by keeping teams calm, focused, healthy, and positive. Don’t overwork people unless an incident warrants it. Burnout is a real threat.

 

  5. Update executive leadership. Maintain a channel for communicating relevant risk changes, impacts, and posture preparedness, and set a cadence for future communication when appropriate. Executive leadership must be well informed and confident that the risks are being properly managed.

 

Preparation does not eliminate risk, but it dramatically improves how an organization experiences and manages it. When security leaders combine clarity, discipline, readiness, and measured communication, they position the enterprise to navigate uncertainty with strength rather than reaction.

 

Full article can be found on my Substack: https://open.substack.com/pub/matthewrosenquist/p/5-actions-critical-for-cybersecurity


CISO and Cybersecurity Strategist
