Due to lack of preparedness, the average company’s response to cybersecurity attacks is causing more damage, financially and otherwise, than the breach itself, according to IBM Security’s vice president of threat intelligence, Caleb Barlow.

Lack of preparedness for cybersecurity attacks continues to be an issue for organizations. In fact, a study from the Ponemon Institute found that 75 percent of organizations do not have an incident response plan applied consistently across the organization. With the General Data Protection Regulation (GDPR) in effect starting in May 2018, organizations that do not disclose breaches within 72 hours risk facing fines of up to 20 million euro or 4 percent of global revenues, whichever is higher.

Speaking at the recent Wired Security 2017 conference in the U.K., Barlow told a real story in which he and his team had to inform a company about a cybersecurity incident. He said he was surprised to discover that the chief information security officer (CISO), chief information officer (CIO) and CEO were all absent on the call. Even worse, the briefing about the incident led not to an action plan, but a request that Barlow’s team put all the information into a PowerPoint presentation to be shared with the executive team later in the week.

“This is an issue of people not understanding the urgency that you’re under, and the need to respond and be on mission when something like a cyberbreach occurs,” Barlow said.

Demonstrating Leadership During Cybersecurity Attacks

Barlow explained that IBM Security has been developing a framework to show how companies act “left and right of boom.” The boom, in this case, refers to the moment a cybersecurity incident becomes public knowledge. While many organizations are focused on mitigating the damage of an attack when they first discover it, they often fail to consider their plan once customers and the media find out. Both are equally important.

Some good practices for dealing with “right of boom” moments include writing key numbers to call after a cyberattack on the back of employee badges, Barlow said. Some companies even have trucks roaming outside data centers filled with binders that detail key processes and satellite uplink connections that allow security professionals to receive data in the event of a communication failure.

“You need to demonstrate leadership during a breach,” he said. “If you don’t, if it looks like you’re trying to hide something … it’s not going to play well in the court of public opinion.”

The Commander’s Intent

Barlow described the right approach as “commander’s intent.” This includes focusing first on protecting the safety of employees and customers, then data and, finally, the company’s brand.

Watch the video to see Barlow’s complete talk, including the two sectors that IBM has deemed the best prepared to deal with cybersecurity attacks when they take place.

Watch the video: IBM Security’s Caleb Barlow and Wired Security

More from

Bridging the 3.4 Million Workforce Gap in Cybersecurity

As new cybersecurity threats continue to loom, the industry is running short of workers to face them. The 2022 (ISC)2 Cybersecurity Workforce Study identified a 3.4 million worldwide cybersecurity worker gap; the total existing workforce is estimated at 4.7 million. Yet despite adding workers this past year, that gap continued to widen.Nearly 12,000 participants in that study felt that additional staff would have a hugely positive impact on their ability to perform their duties. More hires would boost proper risk…

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.  Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats.Signature-Based Antivirus SoftwareSignature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique to the respective…

How Do Threat Hunters Keep Organizations Safe?

Neil Wyler started his job amid an ongoing cyberattack. As a threat hunter, he helped his client discover that millions of records had been stolen over four months. Even though his client used sophisticated tools, its threat-hunting technology did not detect the attack because the transactions looked normal. But with Wyler’s expertise, he was able to realize that data was leaving the environment as well as entering the system. His efforts saved the company from suffering even more damage and…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…