Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

3/22/2019
02:30 PM
Kelly Sheridan
Kelly Sheridan
Slideshows
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail

Inside Incident Response: 6 Key Tips to Keep in Mind

Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
3 of 7

Communication Control: Have a Plan in Place
The desire to be less transparent following a breach can backfire, said Code42 CISO Jadee Hanson, who was working in a security role at Target when it was hit with a massive breach in 2013. A lack of prepared communication is a common problem with incident response.
'The biggest thing I feel is very much overlooked is controlling communication and having a set communication in place if something terrible happens,' she explained. Target was hesitant to be fully transparent following the 2013 breach; as a result, people filled in the gaps on their own.
'There was a lot of speculation that wasn't real that ended up swirling out of control, to the point where we couldn't get back the story,' Hanson said. Companies are now much more transparent in disclosing security incidents and updating customers as they have more info. It's still a tricky process to navigate, though, especially in the immediate aftermath of a breach.
'Often when you're working with a breach, you're dealing with partial information,' Hanson noted. Getting a C-level executive to say 'I don't know' and maintain credibility is a delicate balance.
(Image: Rawpixel.com - stock.adobe.com)

Communication Control: Have a Plan in Place

The desire to be less transparent following a breach can backfire, said Code42 CISO Jadee Hanson, who was working in a security role at Target when it was hit with a massive breach in 2013. A lack of prepared communication is a common problem with incident response.

"The biggest thing I feel is very much overlooked is controlling communication and having a set communication in place if something terrible happens," she explained. Target was hesitant to be fully transparent following the 2013 breach; as a result, people filled in the gaps on their own.

"There was a lot of speculation that wasn't real that ended up swirling out of control, to the point where we couldn't get back the story," Hanson said. Companies are now much more transparent in disclosing security incidents and updating customers as they have more info. It's still a tricky process to navigate, though, especially in the immediate aftermath of a breach.

"Often when you're working with a breach, you're dealing with partial information," Hanson noted. Getting a C-level executive to say "I don't know" and maintain credibility is a delicate balance.

(Image: Rawpixel.com stock.adobe.com)

3 of 7
Comment  | 
Print  | 
Comments
Oldest First  |  Newest First  |  Threaded View
CharlieDoesThings
50%
50%
CharlieDoesThings,
User Rank: Apprentice
3/25/2019 | 10:22:21 AM
6 more tips I could use
Well done with the post, I really enjoyed the tips.
StephenGiderson
50%
50%
StephenGiderson,
User Rank: Strategist
4/26/2019 | 1:16:33 AM
Who should we help?
OF course bigger businesses are going to be better prepared when it comes to disaster and external attacks. But they are also more than capable of affording the ramifications of such a situation whereas the smaller guys will struggle. So who really needs the help?
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, Guardicore,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.
CVE-2019-16761
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the [email protected] npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. All versions >1.0...
CVE-2019-16762
PUBLISHED: 2019-11-15
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any...
CVE-2019-13581
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary ...
CVE-2019-13582
PUBLISHED: 2019-11-15
An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution.