Time Is Money With Incident Response – Chuck Leaver

Written By Kyle Flaherty And Presented By Ziften CEO Chuck Leaver

July 9, 2015 was quite a day in the world of cyber security. First, United Airlines grounded flights due to a technical glitch. Soon afterward, the New York Stock Exchange (NYSE) announced that it had to halt trading. That report came from the Wall Street Journal, as you would expect, and the Journal itself went offline soon after.

This caused complete panic on the Internet! There was an enormous buzz on Twitter, with plenty of rumors that a well-coordinated cyber attack was under way. People were jumping off the virtual bridge and declaring a virtual Armageddon.

There was general chaos until the 3 organizations stated publicly that the issues were not caused by cyber attacks but by the dreaded, unexplained “technical glitch”.

Visibility Is The Problem For Attacks Or Glitches

In today’s world it is assumed that “glitch” implies “attack”, and it is true that an excellent team of hackers can make the two look the same. There are still no details about what happened that day, and there probably never will be (although there are rumors about network resiliency problems with one of the biggest ISPs). At the end of the day, when an event like this happens, every organization needs answers.

Statistics suggest that incident response might cost thousands of dollars an hour, and for businesses such as United and NYSE that is before downtime is even considered. The boards of directors at these companies don’t want to hear that something like this will take hours, and they may not even care how it happened; they just want it resolved quickly.

This is why visibility is always in the spotlight. When an emergency strikes, it is essential that a company knows every endpoint in its environment and the contextual behavior behind those endpoints. An endpoint might be a desktop, a server or a laptop, and it might be offline or online. In this modern era of security, where the concept of “avoid & obstruct” is no longer a suitable method, our ability to “rapidly detect & react” has become more and more vital.

So how are you making the transition to this new era of cyber security? How do you minimize the time it takes to determine whether it was an attack or a glitch, and exactly what to do about it?

~leaverchuck1

