FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach

FireEye Mandiant Consultants Jamey Dillon and Jim Aldridge discuss what happens before and after a breach

  1. NOW WHAT? BEFORE AND AFTER THE BREACH
     Jamey Dillon / Jim Aldridge, Mandiant
  2. INTRODUCTIONS
     Jamey Dillon, Director, Mandiant Consulting Services
     Jim Aldridge, Director, Mandiant Consulting Services
     Background:
     • Incident Responder
     • Penetration Tester
  3. CHALLENGE
     Average cost of a data breach (US): $6.5m
     Average cost-per-record breached (US): $217
     (Source: Ponemon Institute 2015 – under 100k records)
  4. ACTION ITEMS
     1. Recognize the business impact
     2. Own the risk
     3. Educate stakeholders
     4. Prepare the organization for the breach
  5. INCIDENT IMPACTS: Quantifiable
     • Loss of business
     • Loss of market share
     • Cost of incident response effort – technical, legal, marketing, remediation
     • Fines / class action lawsuits / FTC action
     • Credit monitoring
     • Security team / executive re-alignments
     Recognize the business impact.
  6. INCIDENT IMPACTS: Difficult to measure
     • Disclosure to customers, partners, interested government agencies
     • Loss of intellectual property
     • National security ramifications
     Recognize the business impact.
  7. INCIDENT IMPACTS: Intangibles
     • Consumer confidence
     • Public perception
     Recognize the business impact.
  8. BIG PICTURE
     Direct, proactive engagement
     • Are we prepared?
     • Are we protected?
     • Are we compromised?
     Own the risk.
  9. SPEAK THEIR LANGUAGE
     You cannot afford to focus just on the business of Cyber Security or Information Technology
     • Understand the needs of the Company, Business Units and Services
     • Determine what data you need to be successful and protect it
     • Work collaboratively
     • Enable the business through security
     Educate stakeholders.
  10. SPEAK THEIR LANGUAGE
     Elevate the communication of risk and security from ‘Geek Speak’ to ‘Exec Speak’
     • Don’t attempt to scare the audience, educate them
     • Cyber Security Leaders have to elevate their communications to equal the level of visibility
     • NOTE: There is no fancy Star Trek Translation Device for this
     • Speak their language – Cyber Security Risk = ($$ + Long Term Impact)
     • Brand Reputation, Consumer Awareness, Penalties, Impacts to Growth, High Cost to Respond
     Educate stakeholders.
  11. ARE WE PREPARED?
     • Incident response plan
     • People: skillsets, organizational structure
     • Risks: where are they?
     • Visibility, agility and collaboration between internal teams
     • Security operations and response processes
     Prepare organization for the breach.
  12. ARE WE PROTECTED?
     • Security controls
     • Visibility
     • Testing and validation
     • Metrics and reporting
     Prepare organization for the breach.
  13. ARE WE COMPROMISED?
     • Ongoing procedures to identify unknown intrusions
     • Are we executing the plan?
     • Do we have the right people in place?
     • Are we escalating and communicating effectively?
     Prepare organization for the breach.
  14. NOW WHAT?
     When the breach occurs
     • Prior to declaring an incident
     • When convening the IR team
     • Managing stakeholder expectations throughout the response
  15. THANK YOU