You have been breached? What Next? How to respond in the immediate aftermath
Most organizations in Asia continue to address breach response in reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it.
It's time they realized that they can no longer afford to remain in denial that they are under siege from cyberattacks. Legacy security thinking focusing on blanket protection of all assets has failed as a doctrine, and organizations find themselves helpless to mitigate the sophisticated intrusions that slip through the chinks in their armor.
Once an organization is breached, the post-breach investigation and response are most critical, followed by building resilient defenses within a short span. Given the technological advancement and the technology sprawl, practitioners are in a state of chaos. Against this backdrop, what do organizations need to unlearn and relearn about incident response? What do they need to do in the first 24 hours, 1 week, 30 days and so forth to mitigate and recover in a resilient manner?
The session will include:
- Enhancing forensic capabilities in detecting the breach;
- Pragmatic approaches to set the house in order;
- Why it is important to have a specialist response once an attack/breach is discovered;
- Should incident response be outsourced or should it be led from the front by the security team?
- Investigating security incidents and assessing compromise levels.