“Many times, we assume that the most important component to the response to an incident is the technical component, which is let’s get the systems and operations back up and running and let’s get the impact minimized,” said Leo Taddeo from Cyxtera. “I’ve always believed that the technical aspects of incident response are not as important as the communications aspects. If you look at what really harms a company after a cyber breach, it’s not they’ve lost data or a server. What they have lost is trust, and that trust is lost when communications are not concise, clear, and open. So, when you form a task force for incident response, the most important person in the room is the one responsible for outward communications, meaning what are we going to tell our customers and partners? What are we going to tell the government? The government reaction is much more severe when the government suspects the company is withholding information improperly, and thereby putting other people at risk.”

Taddeo added that since most executives are trained to protect the enterprise from litigation and loss of reputation, they often translate that objective to severely limiting public information. But breaches and related issues can rarely be kept under wraps for very long. Sometimes employees may speak too much about what they know. Other times the attackers themselves may discuss their exploits, perhaps on the dark web. All this leads to speculation, some of which might be wildly untrue, yet equally damaging to the company.

Key Action Items (Cont.)

• Adopt a comprehensive solution that gathers log information from a wide array of sources and inputs, and then correlates that data with both known threats and behavioral analysis to uncover threats.

• Ensure you have the infrastructure in place to detect the breach, notify the necessary people, and collect all the necessary information to track the breach, close the exposure, and prevent it from ever happening again.

• In the event of a breach, keep your outward communications truthful and complete. Failure to do so opens you to increased speculation and can bring about higher levels of regulatory intervention.

• In an environment of increased phishing sophistication, add more email security, such as sandbox URLs to help keep you safe.

Copyright © 2020 AVANT Communications, Inc.
Managed Security Trends and Insights