CISO Survival Guide for Cyberattacks

Published: 23/11/2024   Category: security



CISOs who have survived major cyber incidents recommend letting company ethos guide incident response.



RSA CONFERENCE 2023 – San Francisco – The difference between a cyber crisis and any other type of emergency response is the unknown and the speed of events.
In an earthquake, you know what knocked down all the buildings. In a fire response, firefighters get an address. But with cyberattacks, answers can be much more elusive.
Even so, decisions still must be made quickly — and decisively — in order to mitigate the damage.
"A delayed decision is a decision," John Carlin, partner at Paul Weiss, said here in a panel this week entitled "Surviving the Breach."
Carlin, who has coordinated response plans at the highest levels of government, along with Brad Maiorino, CISO at Raytheon Technologies; Chandra McMahon, CISO at CVS Health and former CISO for Verizon; and Siobhan Gorman, a partner focusing on crisis, cybersecurity, public affairs, and media relations for the Brunswick Group, shared how they navigated cyber incidents and emerged on the other side with their careers and reputations intact.
Planning and developing a usable, flexible incident response playbook is important, as is working through everything from setting up Bitcoin wallets for potential ransomware payments to building a relationship with a professional negotiator and even sitting down with general counsel to outline potential responses, according to the panelists.
Utterly mundane details can be easily overlooked, like having the contact details of the appropriate stakeholders (the FBI, for example) written down or stored somewhere outside the downed systems. Designate an incident commander, McMahon said, adding that the CEO isn't the right person to take on that role: the incident commander should be someone with cybersecurity knowledge.
McMahon said managing incoming data and challenges can make or break an incident response. She recommends planning for wild cards in the response.
"You don't know what form or flavor they will come in," McMahon said, but human behavior is one of the most predictable wild cards in any given response. It's natural for employees to participate in the response, even when they might not have any expertise in the area. That could include speaking without authorization to the media, or even to customers, ahead of the orchestrated response.
"There is energy there and people just need somewhere to put all their energy," she said. "They want to be part of the response. It happens consistently."
To help identify legal ramifications of a breach, the panelists recommended keeping legal counsel close in an event.
External counsel can hold data under attorney-client privilege protections, and an SEC attorney can provide guidance on disclosures so a company doesn't wind up disclosing too much or too little because of a misunderstanding of the rules.
"I treat the legal team as an extension of our team," Maiorino added.
When it comes to surviving a massive breach, corporate values can provide a guiding light for making the right moves, they explained.
Gorman used the example of the Under Armour MyFitnessPal compromise that she and her team worked on a few years ago. Under Armour turned to its two top stated priorities, transparency and caring about athletes, to decide its next steps after the breach, she said. The company decided to proactively alert the 150 million affected users that they were potentially at risk as soon as possible, so they could take steps to protect themselves, she said.
Gorman and her team headed up that disclosure in just four days, she said.
Maiorino said keeping the focus on customers is the best path forward. "This is my opinion," Maiorino said, "but CEOs who put customers first do better than those who don't. Customers recognize that and come back."
