When you've invested heavily in preventing cyberbreaches, it's easy to think it can never happen to you. If you're not worried about getting hacked, you should be. Last year, 62% of organizations suffered a data breach. But only 34% say they're ready to respond to a cyberattack. For more, listen to our AT&T security experts discuss: http://soc.att.com/29OfzoP

1. © 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Not “If,” but “When”
A CEO’s Guide to Cyberbreach Response
Jason Porter, Vice President of AT&T Solutions
Todd Waskelis, Executive Director of AT&T Security Consulting

2. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.2
Cyberbreach response
The Problem The Solution
• 62% of organizations acknowledge a data
breach in 2015
• Only 34% of organizations believe they have
an effective cyberresponse plan
• The number of successful cyberattacks
continues to grow year over year
• It takes an average of 229 days for a breach
to be detected
• Multi-layered, end-to-end cybersecurity
program
• Comprehensive, cyberbreach response
plan

3. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.3
Cyberbreach response plan
• Put your plan together BEFORE
your organization is breached
(or before your next data breach)
• Don’t wait for the aftermath
to figure out your best course
of action
• While each successful cyberattack
may have its unique attributes –
amount of data stolen, impact on
business operations, type of attack
– an effective plan will still serve as
a good guideline

4. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.4
Put your team together
• Your cyberbreach response team
should be ready to spring into
action the moment the breach
is discovered
• The team should include more
than IT personnel
– C-suite
– IT
– Legal
– Cybersecurity
– Public Relations/Marketing/
Communications

5. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.5
Practice
• Conduct response drills and
tabletop exercises with your team
regularly
• Make sure your team members
have “backups”
• Consider training from external
cybersecurity experts

6. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.6
Short-term response
The first 24 hours
1. Activate the incident response
plan
2. Remove or isolate the infection
3. Assess legal implications
4. Determine root cause
5. Involve the legal team
6. Define critical business impact

7. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.7
Long-term planning
• Along with drills and tabletops,
conduct education and training for
the entire staff
– More than half of data breaches
involve employee error
– These errors are drastically reduced
after repeated training and testing
• Conduct tabletop exercises and
drills at least twice a year
• Invest in prevention and detection
technologies to help defend against
the day-to-day attacks

8. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Poll 1
Does your organization have a cyberbreach response plan?
A. Yes
B. No
C. Not Sure
8

9. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.9
The four types of organizations
Progressive Proactive Reactive Passive
• Highest level of
security readiness
• C-suite involvement
• Comprehensive
cybersecurity
prevention and
response strategy
• Above-average
security readiness
• C-suite awareness
• Basic steps are put
in place
• Below-average
security readiness
• C-suite pays little to
no attention to
cybersecurity or
incident response
• Least ready
• C-suite is “hands
off” in matters of IT
and cybersecurity

10. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.10
Consider consultants
• Fresh pair of eyes
• Expertise in finding gaps
• Extensive knowledge of trending
threats, industry-specific attacks,
etc.
• They can assess your current
cybersecurity program and
evaluate or help prepare your
response plan

11. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Poll 2
Has your organization ever worked with a cybersecurity consultant?
A. Yes
B. No
C. Not Sure
11

12. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.12
Preparing for the inevitable
• Impossible to predict when
you’ll be hit
• The likelihood of cyberattacks
continues to increase
• Rapid, thorough response will
determine whether your data
breach is a minor footnote
or a major disruption

13. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.
Q&A
12
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated
companies. All other marks are the property of their respective owners. The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.

14. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.14
For more information
Cybersecurity Insights Reports
www.att.com/cybersecurity-insights
Security Resource Center
SecurityResourceCenter.att.com

15. Presentation title here—edit on Slide Master
© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property
and/or AT&T affiliated companies. All other marks are the property of their respective owners.