In any cybersecurity event, there are two main timeframes – left of boom, and right of boom. These terms are widely used in the IT and cybersecurity industries, but what do they really mean, and why do they matter to your business? In this blog, we’ll share insights into what happens left of boom and right of boom, and what you need to know about them.
What do left of boom and right of boom mean?
Put simply – it’s before and after. Left of boom is most easily described as before the event. This encompasses the time leading up to the initial incident. Right of boom is the time after the event. The “boom” is the cybersecurity event itself.
Why are these terms important?
It’s not so much the terms, but the time periods they refer to. Each of these phrases summarizes a unique point in time. These are very important for digital forensics and figuring out what happened, and what the impact to your organization is.
Left of boom indicates what was happening before the incident. This can provide valuable insight into gaps, vulnerabilities, behaviors, and other things that may have led to eventual compromise.
Right of boom is the response period. These are the actions taken by your internal team, IT provider, and cybersecurity firm after the security event takes place. It’s imperative to show that the proper steps have been taken to contain and remediate the threat.
Your cybersecurity strategy
ADNET always recommends a proactive approach. The more you can do to protect your organization, the better off you’ll be and the less likely you are to experience the boom.
Here are our top 10 tips for building your organization’s security strategy – both left and right of boom.
Left of Boom
The Left of Boom strategy emphasizes the importance of incident prevention. To achieve this, it is essential to implement layered security measures to safeguard users and data effectively. The following five tips establish a core security framework that integrates people, processes, and technology into a comprehensive strategy.
- Managed Security Services: Managed cybersecurity services that include monitoring, alerting, and response can help detect threats, alert your team or your IT provider, and take steps to minimize damage and ensure quick containment of threats before they escalate.
- MFA: This seems like a simple one, but it’s still so important. MFA, also known as multi-factor authentication or two-factor authentication, combines something you have with something you know. It’s a great way to help keep threat actors out even with a compromised password.
- Managed ITDR / MDR for Email: One of the most cost-effective tools to implement is managed ITDR. This helps defend against attacks by using identity-based threat detection, and it can be configured to pick up on things like impossible travel, suspicious login activity, and other behaviors that could indicate a threat. These alerts can be used to quickly quarantine and contain threats, helping to limit access in cases of business email compromise and more.
- SIEM: A SIEM solution can provide comprehensive logging as well as tools for prevention. Logging becomes critical once an event happens, but you need to have it in place early on for it to be effective.
- Security Awareness Training: Ensuring your entire team knows what to look for helps reduce the threat of phishing emails and business email compromise, some of the largest attack vectors for threat actors.
Right of Boom
If an incident has occurred, it is important to maintain the framework established for your Left of Boom operations. The training, tools, and processes from this framework remain crucial for effective containment operations. They are also beneficial when digital forensics or legal counsel is required. Implement the following to establish a robust response process:
- Incident Response Plan: You need to have an incident response plan in place before anything happens for it to be most effective, but having it right of boom helps ensure that everyone knows what to do if a security event happens.
- Disaster Recovery Plan: Much like your incident response plan, you need to have a disaster recovery plan. There may be some overlap, but the two can help to ensure a seamless experience when something unexpected, or unprecedented, happens.
- Reliable Backups: When you need to restore your critical data, backups are extremely important. These need to be in place prior to an event to be helpful, but they’re integral to getting you back up and running once an event occurs.
- Trusted IT Partner: An experienced IT partner can be instrumental in helping you handle a cybersecurity event. They can advise on engaging the appropriate channels or professionals, help with containment efforts, and assist with things like rebuilding and restoring from backups. Experience is key here – you want a partner who has helped organizations through this before. Everyone needs to start somewhere, but when the stakes are high you probably don’t want to be the experiment.
- Cyber liability insurance: Cyber liability insurance can help your organization recover if you experience a cybersecurity event. Not only does it help from a financial standpoint, it can also help you navigate the recovery process. Like car or health insurance, when there’s a catastrophe, it’s very important to have this coverage.
Preparation is key
Ideally, you’ll have policies, tools and people in place to help you before you need them. Cyberattacks are always evolving. Unfortunately, the nature of the threats means we can never be fully protected. The best thing you can do for your business is to invest in creating a cybersecurity strategy that will help you both left and right of boom.
Need help with your cybersecurity? Reach out to us – ADNET offers fully managed cybersecurity services, as well as advanced security services through our partner Cyber74. We’re happy to help you create a cybersecurity strategy that aligns with your business needs.