FireEye Cyber Defense Summit 2016 Now What - Before & After The Breach

NOW WHAT? BEFORE AND AFTER THE BREACH
JAMEY DILLON / JIM ALDRIDGE
MANDIANT

INTRODUCTIONS

Jamey Dillon
Director, Mandiant Consulting Services
Background:
• Security Program Development
• Security Operations

Jim Aldridge
Director, Mandiant Consulting Services
Background:
• Incident Responder
• Penetration Tester

CHALLENGE

Average cost of a data breach (US): $6.5m
Average cost-per-record breached (US): $217
(Source: Ponemon Institute 2015 – under 100k records)

ACTION ITEMS

1. Recognize the business impact
2. Own the risk
3. Educate stakeholders
4. Prepare the organization for the breach

INCIDENT IMPACTS

Quantifiable
• Loss of business
• Loss of market share
• Cost of incident response effort – technical, legal, marketing, remediation
• Fines / class action lawsuits / FTC action
• Credit monitoring
• Security team / executive re-alignments

Recognize the business impact.

INCIDENT IMPACTS

Difficult to measure
• Disclosure to customers, partners, interested government agencies
• Loss of intellectual property
• National security ramifications

Recognize the business impact.

INCIDENT IMPACTS

Intangibles
• Consumer confidence
• Public perception

Recognize the business impact.

BIG PICTURE

Direct, proactive engagement
• Are we prepared?
• Are we protected?
• Are we compromised?

Own the risk.

SPEAK THEIR LANGUAGE

You cannot afford to focus just on the business of Cyber Security or Information Technology
• Understand the needs of the Company, Business Units and Services Organizations
• Determine what data you need to be successful and protect it
• Work collaboratively
• Enable the business through security

Educate stakeholders.

SPEAK THEIR LANGUAGE

Elevate the communication of risk and security from ‘Geek Speak’ to ‘Exec Speak’
• Don’t attempt to scare the audience, educate them
• Cyber Security Leaders have to elevate their communications to equal the new level of visibility
• NOTE: There is no fancy Star Trek Translation Device for this
• Speak their language – Cyber Security Risk = ($$ + Long Term Impact)
• Brand Reputation, Consumer Awareness, Penalties, Impacts to Corporate Growth, High Cost to Respond

Educate stakeholders.

ARE WE PREPARED?

• Incident response plan
• People: skillsets, organizational structure
• Risks: where are they?
• Visibility, agility and collaboration between internal teams
• Security operations and response processes

Prepare organization for the breach.

ARE WE PROTECTED?

• Security controls
• Visibility
• Testing and validation
• Metrics and reporting

Prepare organization for the breach.

ARE WE COMPROMISED?

• Ongoing procedures to identify unknown intrusions
• Are we executing the plan?
• Do we have the right people in place?
• Are we escalating and communicating effectively?

Prepare organization for the breach.

NOW WHAT?

When the breach occurs
• Prior to declaring an incident
• When convening the IR team
• Managing stakeholder expectations throughout the response

THANK YOU