Everybody today is so busy with their day-to-day operations and duties that we often focus only on putting out the fires we face at any given moment. It is hard to find time to take care of “good housekeeping” items, let alone prepare for something that may never happen. Unfortunately, being the victim of a cyberattack is much more a question of “When” than “If.”
Building an incident response plan is something that every company should do immediately if they haven’t done so already. For companies that have a “Playbook” already, it is vital that you conduct exercises so the plan gets committed to “muscle memory” as much as possible.
One of the first items to define in your plan is the Incident Response Team (IRT) roster. Some members are obvious, like information technology and security staff, as well as the appropriate management up to and including the CIO and CISO. Other, less obvious members should be General Counsel, CFO and public relations. Network breaches are often the subject of costly civil litigation and are definitely newsworthy. It is imperative that messaging to regulators, investors, and customers is done in a timely, accurate and appropriate manner. Improper messaging can and has caused significant damage to brands and reputations.
You may have seen the news yesterday from General Dynamics Fidelis Cybersecurity Solutions that we have expanded our partnership with Bit9 + Carbon Black. We’re pretty excited about this news as it will allow our Network Defense and Forensics team to use Carbon Black to supplement our network visibility and reveal the entire “kill chain” of the attack.
Anyways, given our growing partnership I was curious about their thoughts on the recent trend of high-profile data breaches and the collection of historical data, so I sent some questions over to Ben Johnson, chief security strategist at Bit9 + Carbon Black (@chicagoben). You can see our exchange below.
Q: Given the high-profile nature of recent data breaches, how do you see the cybersecurity landscape changing? And, what is the most important thing for IT security staff to understand as we move forward in the ever-advancing world of advanced and targeted attacks?