Tuesday, May 2, 2023
Fostering Mutually Beneficial Public-Private IR PartnershipsAlex Urbelis

It can be a lonely feeling when you're the victim of a cyberattack. But you don't have to run this gauntlet alone. Private companies can sharpen their incident response by seeking the aid and counsel of knowledgeable public-sector organizations such as law-enforcement agencies and governmental CERTs. Conversely, these public-sector entities can gain valuable intelligence from their corporate partners, which they can apply toward their investigations or public disclosures. This session will examine the key benefits of developing a symbiotic and open public-private incident response partnership. At the same time, we'll also cover scenarios where perhaps businesses need to keep certain information close to the vest.

Hindsight is 20/20J. Wolfgang Goerlich

There are few examples of disruption to the typical enterprise working environment than 2020’s sudden shift to remote work. Today, as conferences return to in-person and more workers return to their offices, we still see 80% of businesses supporting hybrid environments. What lessons can we learn from this industry-wide shift? The human condition is one of ignoring risk, as the recent pandemic demonstrated. In this session, Advisory CISO Wolfgang Goerlich will review behavior science research and explain how to transform risk management to gain buy-in and action. 

CRA Business Intelligence study takeaways: Incident response 

In March 2023, 205 security practitioners participated in a CRA BI study on their challenges and successes with incident response. Join Bill Brenner, CRA VP of content strategy, Dana Jackson, CRA VP of research, and report author Daniel Thomas for a look at where security teams continue to struggle/succeed, and where respondents plan to make investments in the coming year.

The Intersection of Incident Response, Disaster Recovery and Crisis ManagementCarlos Rodriguez

You may have a good cybersecurity incident response plan, a real-life tested disaster recovery plan, and a well-though-out crisis management plan. But what happens when one of these events morphs into a bigger enterprise issue? Does your executive team and do your staff members understand these plans’ synergies, especially when a cyber incident turns into a potential disaster? In this session, we will learn about how IR, disaster recovery and crisis management plans can all come together through improved coordination and a properly prioritized response and recovery effort.

Wednesday, May 3, 2023
Inside Your Adversary's Head Space: Psychology's Role in Incident ResponseMike Saxton

Sometimes it pays to think like a cybercriminal. Especially when you're trying to prevent further damage after a cyberattack strikes. With the right threat intelligence and attack attribution, you may be able to anticipate your adversary's likely next move, allowing you to make better decisions in critical situations. In this session we'll learn how security professionals can apply principles of psychology to improve your incident response and perhaps even socially engineer your attackers and extortionists.

Build Resilience, Starting with ReadinessLarry Gagnon

As cybercriminals continue to evolve their tactics, techniques, and procedures (TTPs) to deploy ransomware and conduct data breaches, it’s critical for security leaders to ensure they are prepared for any potential cyberattack to reduce downtime and prevent business disruption. The mean downtime cost for organizations experiencing a cyber incident can be $225K/day – in addition to costs incurred from fines and legal fees, loss of customer loyalty and reputational damage, higher incident resolution costs, and more. 

The least desirable time to first meet your incident response (IR) provider is when you’re responding to an incident. In this session, Larry Gagnon, Senior Vice President Security Services & Incident Response at eSentire will discuss why traditional pre-breach preparation strategies may not be enough to ensure optimal response and share tactical recommendations for: 

•    High value, inexpensive breach preparation strategies that work.
•    IR readiness that maximizes resilience and reduces downtime. 
•    Quantifying savings and time to value in incident response.

Incident response post-mortems: Grading your IR before the next attack strikesOlivier Caleff Serge Droz Chris Gibson

Whether you conducted a simulation or experienced a real-life cyberattack, it's crucial to assess how well you performed in your incident response. By evaluating and grading your IR, you can identity weaknesses and hopefully smooth over any rough patches in your response. This session will explain the value of IR post-mortems and present recommendations on how to optimally perform them in order to get meaningful insights.

Where's the Bottleneck? How to Improve Your Incident Response Time ManagementViolet Sullivan

Every second counts during an incident response – time translates into lost dollars. So if there’s a part of your organization that’s potentially dragging your response time down, it’s important to recognize and address the root cause of the problem. Since IR is as much a business process as it is a security process, there are lots of stakeholders involved, and any one of them could be the monkey wrench that’s gumming up the works and turning what already is a time-consuming recovery into an unnecessary slog. This session will identify some of the common problem spots and how to properly address them in order to improve your resilience following a cyberattack.