Real-Life War Games: Avoiding the High-Profile Mega Breach

Faced with intensifying hacker activity security leaders have moved from telling management that the firm is protected against breaches because of preventive technology and security measures to driving home the message that security incidents will continue to occur. Even though playing real-life war games is never a CISO’s choice, security leaders can make a number of moves to both prevent and contain breaches:

• Continue to implement preventive measures. Implement NAC solutions and continue with ongoing testing of prevention measures.

• Be transparent with executive leadership and the board that the firm will probably be breached and likely already is breached.

• Present a solid breach response plan that will quickly contain the incident, present the firm in a positive light as it reports the breach and maintains transparency in communicating with clients.

• Exercise the breach response plan at least annually with executive management and more frequently with the tactical teams. Maintain preparedness to avoid the Fog of War that occurs when a breach happens.

• Include business continuity plans in the breach response plan. Communicate the business continuity and breach response plans internally. Remember to include manual procedures.

• The quicker that you know a breach has happened, the more enabled you are to contain it. Consider pre-installing incident response agents on the endpoints in order to quickly detect a breach.