Over the past three to five years, organizations have witnessed cyber attacks growing in scope, complexity, and severity. The nature of cyber attacks has evolved from the theft of financial data and intellectual property to include recent destructive attacks, causing cyber attacks to be seen as one of the most serious challenges facing organizations today.
The financial losses and reputational damage resulting from cyber attacks have riveted board directors’ attention on cyber risk. Organizations depend on their corporate directors to provide the oversight that will minimize the exposure to risk and drive cyber resiliency. Yet cybersecurity is a new area that leaves many corporate boards uncertain as to how to proceed. Lack of knowledge and insufficient counsel are affecting the ability of directors to provide adequate oversight of the security organizations and cybersecurity risks within their organizations. Faced with the need to make quick decisions in the heat of battle, directors are overwhelmingly at a loss as to the process for navigating an attack.
To empower board members in their battle against cyber attacks, we’ve stepped up our game by offering real-world counsel regarding the management of incident response in a NYSE-published cybersecurity guide entitled Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. The Fidelis chapters and entire guide will be available for free download on Monday, October 12, 2015.
Aimed at educating directors and officers and helping them to build resiliency against cyber attacks, the guide brings together the expertise of respected industry leaders in the field of cyber security. Contributors from industry, as well as the legal, enterprise, and vendor communities, provide expert insights, proven strategies, and from-the-trenches tactics designed to equip directors with the knowledge, perspective, and tools needed to effectively evaluate and mitigate cybersecurity risk.
The Fidelis Cybersecurity incident response sections address the concerns around the blurring lines of an attack, why traditional remediation methods increase the risk of retaliation, and why organizations’ forensic remediation efforts are sometimes ineffective. The chapters also provide guidance on best practices for planning, preparing for, and testing enterprise-wide incident response; the importance of adopting an outcome-based approach to forensic remediation; how to build an experienced forensics and incident response team; and valuable lessons learned in containment and eradication.
This blog is the first in a series in which we share our expertise and recommendations on incident response from the Fidelis chapters on detection, analysis and understanding of threat vectors, and forensic remediation. The chapters will be available on Monday, October 12, 2015 at www.fidelissecurity.com/NYSEbook. The entire guide can be downloaded in Kindle, iBooks, and PDF formats at http://securityroundtable.org/. The site will also enable readers to dive deeper into the subject matter of the guide; follow cybersecurity discussions on matters such as policy, public-private collaboration, breach prevention and response, compliance, and business enablement; and learn more about contributing authors.
Coming next: Arming the Boardroom, Part 2: Know Your Enemy