Incident Response & Threat Intelligence

B3: Incident Response – How To Give the Advantage to the Hackers!

Thursday, June 8, 2023 1:30 PM - 2:30 PM

Room 405/406


Quick Abstract: What happens in the middle of a cyber-attack when things are not going as planned? This session will focus on actual case scenarios where things did go wrong, giving the advantage to the hacker!

Full Abstract: The key to surviving a cyber-incident is knowing precisely what you should NOT do when the pressure is on. Having an Incident Response plan allows you to launch a mitigation effort, but it opens a door that leads to a landscape of landmines. Being successful in managing an incident requires that you know exactly where the landmines are hidden so you can avoid making a mistake that can end a career and/or cause severe damage to your company. This is a critical survival skill for those who manage an Incident Response Team.

Unfortunately, until now this skill has only been learned through experience, and on numerous occasions, we have routinely witnessed companies shooting themselves in the foot as they are repeatedly blind-sided by events during the incident response that they never saw coming. As a result, incident response efforts take longer, cost more, and can make the situation more unstable than the hacker could have done alone.

Your executive team will be asking questions fast, with very little patience for incomplete answers. Communicate the wrong information or make a misstep and you may subject the company to lawsuits and regulatory fines. The incident response manager needs to be prepared to “manage the Managers.”

What actually happens when you are in the middle of a cyber-attack? You are faced with many decisions where you have incomplete or suspect information. Make the wrong decision and you give the advantage to the hackers! Time is your worst enemy. Incident response is a marathon, not a sprint. Learn from the experts about common mistakes made in managing resources and how to fix them in flight! You need to be able to prioritize the activities and make trade-offs for competing resources. We will review some of the common resource mistakes and how they can be resolved.

What if you have to shut down part or all of the system? Do you have the right information, processes, and executives involved to make that decision quickly? Hear from an expert who has lived the “frenzy” of a cyber-investigation.

This presentation explores the most common “gotchas” you are likely to encounter during an incident response effort, and actions you can take beforehand so that you may avoid creating a situation where you become a bigger threat than the hacker. This session will focus on actual case scenarios, what to expect and how to react. It covers the do’s and don’ts and best practices learned from combating attackers during the attack.

Learner Objectives

Using scenarios, the audience will:

- Understand the real security and business threats in incident response
- Understand key processes, including using tabletop exercises in incident response
- Understand the importance of building an incident response cross-functional team
- Know the criticality of knowing where your assets are and of collaboration with others for enhanced threat intelligence
- Drive a top-down culture, getting commitment of top executives and then cascading to employees and third parties