Attackers have most of the advantages. They know whom they will be attacking, when, and how. A persistent attacker causes problems that fall outside of normal incident response procedures. How companies respond can have serious ramifications for business and reputation.
For example, the response by Equifax to this year’s hack dubbed the worst data breach in US history demonstrates how a rushed or delayed communication response can increase the damages of a disruptive crisis, and the currently unfolding story about the 2016 Uber hack coverup demonstrates the importance of transparency.
To help our community prepare for a cyber crisis, AARNet recently hosted a DDoS (Distributed Denial of Service) based cyber crisis exercise with representatives from 20 of our member institutions. The exercise focused on communications and incident response to a persistent attack. Here, we share the key takeaways from the session:
AARNet would like to thank Eric Pinkerton, Virginia Calegare and Henry Ward from HIVINT for working with us to develop and run the Cyber Crisis Exercise, and prepare this advice.
Hivint offers a free high-level Incident Response run sheet in their securitycolony.com portal. If you like it and are interested to see what else is available then you can sign up for free here.
Oct 18, 2017
Sep 27, 2017