Not “If,” but “When”: A CEO’s Guide to Cyberbreach Response

Jason Porter, Vice President of AT&T Solutions
Todd Waskelis, Executive Director of AT&T Security Consulting

© 2016 AT&T Intellectual Property. All rights reserved. AT&T, Globe logo, Mobilizing Your World and DIRECTV are registered trademarks and service marks of AT&T Intellectual Property and/or AT&T affiliated companies. All other marks are the property of their respective owners.

Cyberbreach response

The Problem

• 62% of organizations acknowledge a data breach in 2015

• Only 34% of organizations believe they have an effective cyberresponse plan

• The number of successful cyberattacks continues to grow year over year

• It takes an average of 229 days for a breach to be detected

The Solution

• Multi-layered, end-to-end cybersecurity program

• Comprehensive, cyberbreach response plan

Cyberbreach response plan

• Put your plan together BEFORE your organization is breached (or before your next data breach)

• Don’t wait for the aftermath to figure out your best course of action

• While each successful cyberattack may have its unique attributes – amount of data stolen, impact on business operations, type of attack – an effective plan will still serve as a good guideline

Put your team together

• Your cyberbreach response team should be ready to spring into action the moment the breach is discovered

• The team should include more than IT personnel
  – C-suite
  – IT
  – Legal
  – Cybersecurity
  – Public Relations/Marketing/Communications

Practice

• Conduct response drills and tabletop exercises with your team regularly

• Make sure your team members have “backups”

• Consider training from external cybersecurity experts

Short-term response

The first 24 hours

1. Activate the incident response plan

2. Remove or isolate the infection

3. Assess legal implications

4. Determine root cause

5. Involve the legal team

6. Define critical business impact

Long-term planning

• Along with drills and tabletops, conduct education and training for the entire staff
  – More than half of data breaches involve employee error
  – These errors are drastically reduced after repeated training and testing

• Conduct tabletop exercises and drills at least twice a year

• Invest in prevention and detection technologies to help defend against the day-to-day attacks

Poll 1

Does your organization have a cyberbreach response plan?

A. Yes
B. No
C. Not Sure

The four types of organizations

Progressive

• Highest level of security readiness

• C-suite involvement

• Comprehensive cybersecurity prevention and response strategy

Proactive

• Above-average security readiness

• C-suite awareness

• Basic steps are put in place

Reactive

• Below-average security readiness

• C-suite pays little to no attention to cybersecurity or incident response

Passive

• Least ready

• C-suite is “hands off” in matters of IT and cybersecurity

Consider consultants

• Fresh pair of eyes

• Expertise in finding gaps

• Extensive knowledge of trending threats, industry-specific attacks, etc.

• They can assess your current cybersecurity program and evaluate or help prepare your response plan

Poll 2

Has your organization ever worked with a cybersecurity consultant?

A. Yes
B. No
C. Not Sure

Preparing for the inevitable

• Impossible to predict when you’ll be hit

• The likelihood of cyberattacks continues to increase

• Rapid, thorough response will determine whether your data breach is a minor footnote or a major disruption

Q&A

The information contained herein is not an offer, commitment, representation or warranty by AT&T and is subject to change.

For more information

Cybersecurity Insights Reports: www.att.com/cybersecurity-insights

Security Resource Center: SecurityResourceCenter.att.com
