
Author Topic: Caught in the breach – what to do first  (Read 2168 times)



  • Pez
Caught in the breach – what to do first
« on: 05. June 2017., 21:08:41 »

Security experts have been saying for more than a decade that it is “not if, but when” an organization will be hacked. So, the more relevant question, posed in the title of a panel discussion at May 24’s MIT Sloan CIO Symposium, is: “You Were Hacked: Now What?”

Indeed, given that there is no sure way to prevent every intrusion by so-called “determined adversaries,” much of the defense playbook has shifted to incident response (IR). And that, said panelists, if done quickly and correctly, can mitigate the damage attackers can cause, even if they make it inside a network.

“Hacking is an action,” said Andrew Stanley, CISO of Philips. “A breach is the outcome. So we spend more time on the hack than the breach. We want to know how, why – what was the intent – when and where. That’s what the C-suite wants to know more than the nature of the breach.” Answering those questions is what helps make the response, and therefore the containment of the damage, more effective, he added.

James Lugabihl, director, execution assurance at ADP, agreed that the key to limiting the damage of a breach is, “how quickly can you respond and stop it.” He said it is also crucial not to react without complete information. “It’s almost like a disaster scenario you see on the news,” he said. “It takes a lot of patience not to react too quickly. A lot of my information may be incomplete, and it’s important to get everybody staged. It isn’t a sprint, it’s a marathon. You need time to recognize data so you’re not reacting to information that’s incomplete.” With the right information, he said, it is possible to “track and eradicate” malicious intruders, plus see what their intentions were.

Both panelists said legal notification requirements can vary by country, or even by state, and if it is not a mandate, notifying law enforcement is something they will sometimes try to avoid. “Executives don’t like it, because it becomes a matter of public record,” Stanley said. “But it also can affect people’s privacy, and you don’t want to become an arm of the government.”

Aside from who needs to know and who legally must know, Stanley said collecting information that can help with the response is the most important thing to do. “It’s about intent,” he said. “If all (phishing) emails are going to one location, that’s an attack. So we need to ask: What do we do there? What’s the target?”

Both also said they conduct tabletop exercises, pen testing and simulated crises to practice their IR for when the real thing happens. But, as Lugabihl noted, “it takes perfect practice to make a perfect response. Bad practice makes bad response.”

To a question from moderator Keri Pearlson, executive director of the MIT Interdisciplinary Consortium on Improving Critical Cybersecurity Infrastructure, about how to cope with the reality that “people are the weakest link” in the security chain, Lugabihl said workers are not entirely at fault. “We haven’t fostered an environment that lets them do their jobs,” he said. “I’ve seen security professionals fall for phishing – those are getting more sophisticated. We just need to encourage them to report it. We need to help make things easier and more transparent.”

Original article: By Taylor Armerding, CSO Magazine on May 31, 2017
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.
