NEW YORK CITY—Talking about when to "trigger incident response," during a panel discussion, speakers at ALM cyberSecure—which brought 557 attendees to Midtown on Tuesday and was hosted by GlobeSt.com's parent company—first worked to convey to attendees the high probably of an attack.
It didn't take them long.
"It's virtually impossible that you won't be attacked in the next 18 months," declared panel moderator Mark Sangster, VP, marketing, eSentire.
Added Richard Jacobs, assistant special agent in-charge of the cyber branch, New York office, FBI, "There are still companies that don't think an attack against them is likely, but on Sept. 10th, 2001, the thought of airplanes crashing into buildings and killing thousands of people didn't seem likely either. So we need to be ready."
Attorney Vince Polley, principal, KnowConnect, echoed that last thought. "The time to start planning is now." He advised professionals to first conduct a risk assessment. "Determine what do you have and what you need. Evaluate using third party service providers and the rules that apply to your behavior set by industry organizations."
He also suggested putting together a team of first responders. "Identify the internal team; those who will have to make a decision and take action when an incident happens. That should include people in governance, information technology, legal, press/investor relations, marketing, sales and financial systems. Don't let customers fall into the trap that IT can solve this alone; it can't."
Further, Polley advised, "Pre-arrange external resources, such as law enforcement and technical tools/providers. If you've practiced and developed relationships and cues with each other before hand, it's a lot easier—which means cheaper. Organizations that are proactive and have good incident response planning have been shown to see a shift in the costs of mitigating a breach."
However, Jacobs added, "Mitigating a breach isn't enough. We want to get the adversary out from behind the keyboard. No agency can do it alone," he conceded, "it requires collaboration with foreign agencies and the private sector," work that the FBI already is doing, he noted.
Companies shouldn't be afraid to turn to law enforcement, Jacobs asserted. "Contact the FBI as soon as possible after an incident. People think that will get the information that's been compromised out to the press or other agencies but that's counterproductive for all of our organizations, and we're not obligated to notify other government agencies.
He continued, "Our main goals is to keep things as quiet as possible. It's always confidential until and unless there are court proceedings, which most likely will happen only if the Dept. of Justice decides to bring charges."
In terms of what's ahead, Jacobs advised, "Great inventions are created to ease our lives but as they mature, those tools become weaponized. It happened with our computers and now, look for an increase of exploitation in mobile devices and things we're not thinking of, like the 'Internet of Things.' With the newer devices, we're just scratching the surface."
Want to continue reading?
Become a Free ALM Digital Reader.
Once you are an ALM Digital Member, you’ll receive:
- Breaking commercial real estate news and analysis, on-site and via our newsletters and custom alerts
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Rayna Katz
Rayna Katz is a seasoned business journalist whose extensive experience includes coverage of the lodging sector, travel and the culinary space. She was most recently content director for a business-to-business publisher, overseeing four publications. While at Meeting News, a travel trade publication, she received a Best Reporting award for a story on meeting cancellations in New Orleans during Hurricane Katrina.
