Responding to a security crisis can be a challenge for most cybersecurity teams. It can be doubly so for a team with relatively new and inexperienced security professionals.
Mistakes that security groups often make when responding to an incident can be amplified when individuals with little prior experience are suddenly called in to deal with an exploding crisis. Problems can range from failing to understand the scope of a breach, not knowing how to escalate, and communications breakdowns to technical mistakes like not retaining logs, not making backups, and pulling the plug too soon on infected systems.
Preparing a cybersecurity team for a crisis is a multi-step process that requires a blend of theoretical knowledge and hands-on experience, says Craig Jones, vice president of security operations at security operations firm Ontinue. “The CISO or security leader must invest in comprehensive training programs that cover detection, response, and mitigation of security incidents, as well as conducting regular crisis simulations such as tabletop exercises,” Jones says. “This will not only ensure that the team is well-prepared for a potential crisis but…