New cyberattacks are discovered every single day. Organizations should not be considering if they will be attacked, but rather when they will be attacked and what proactive measures must be taken to ensure the company will survive.
Topics: Incident Response
Incident Response is a series of investigative and remedial steps that a company takes in the event of a breach or other security incident. These restoration efforts can include backtracking through log data, isolating affected machines, and even negotiating with cyberterrorists!
The best approach to security is a proactive one, but nobody is perfect. What happens when a determined attacker finds their way into your network? How do you know where they have been, what they have seen, when they got in, and how they gained access? How do you prioritize remediation and confirm that the bad guys are out of your network? Incident responders, like ProCircular's Aaron Heikkila, are at the ready to swoop down and stop the attackers in their tracks!
If you were going to test the fault-points of a building, you wouldn’t hire the architect, you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective”, which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.