What can we learn from Real-Life Examples?
Retail giants Target and Home Depot are two notorious examples of large-scale cyber-attacks. In both cases, tens of millions of credit cards were stolen, and their cybersecurity measures had not been properly implemented. These companies were, effectively, biting off more than they could chew. As they sorted through millions of alerts from their systems, they missed the small indicators that something was wrong.
We can learn from this that your organization doesn’t have to look at and sort through everything. Buying some artificial intelligence, machine learning-driven solution isn’t going to solve all of your problems. Discovery of your cybersecurity problems needs to be left to someone who can sort through data and see possible threats, no expensive software required.
Next, let’s look at the Recover function in the NIST Cybersecurity Framework and some real-life examples of companies that handled their problems well and those that didn’t. First, the Recover function is all about cleaning up the mess that was created during an attack. Here’s an example citation, RC.CO-1: “After a public data breach, how well do you manage your public relations to protect your organization’s reputation?”
Most of us have never done this before, but you cannot wait until you’re in that situation to figure out what to do; you need a plan. The second example is one that you’ve probably heard about: the complete dumpster fire that is Equifax’s data breach. They struggled to explain themselves during their congressional testimony, which can be found to be negligent. Still, I have a hard time believing that the executives at Equifax explicitly knew that this could happen. Nevertheless, they keep popping up in the news as more and more information about their mistakes comes to light. I have an entire presentation where I break down the Equifax data breach and look at their work in each of the five NIST Framework functions, as it’s a great case study in what not to do when you’re recovering from a public data breach.