InfoSec 2016: 3/4 experts agree working together crucial to incident response

A group of industry experts joined for a panel to discuss enterprise-wide cyber-incident response plans and proactive techniques for a rapid response and three of the four panellists agreed it's all about the people.

From left to right: Andy Talbot, Hem Pant, Vicky Gavin, Calvin Dickinson
From left to right: Andy Talbot, Hem Pant, Vicky Gavin, Calvin Dickinson

A group of industry experts joined for a panel to discuss enterprise-wide cyber-incident response plans and proactive techniques for a rapid response and three of the four panellists agreed it's all about the people.

Hosting the panel was Andrew Kellett, principal security analyst at Ovum, who asked the panel to kick off the session by describing how they would handle a breach, what their plan is and if they could share any key aspects of it that might help others in the audience.

Andy Talbot, global head of cyber-defence at Vodafone, said that in order to become more pro-active you must first get the basics right. Talbot said, “Do the basics well, like patching, and the 80 percent of breaches that do happen because of basic things simply won't happen to you.”

And went on to encourage the use of threat intelligence as part of a security strategy to take things to the next level. Talbot explained threat intelligence has the power to encourage a more agile and pro-active response plan.

Talbot ended with the positive notion of “know your adversary”, arguing that if you know what's valuable to you, you're more likely to be better at protecting it.

Then it was Vicky Gavin's turn - in her role as head of information security and business continuity at The Economist magazine - she seemed to advocate a much more analogue and people based approach.

“Training is absolutely key to us at The Economist, as we want to make sure that when something goes wrong our people know exactly what to do and how to react. There is no point in entering the cyber-arms race, I'd much rather rely on my people knowing and understanding our cyber-incident response strategy which I keep in a cupboard, as people like to look at physical things when something goes wrong.”

According to Gavin, staff at The Economist practise the cyber-incident response plan at least once a year. They train both technical and non-technical staff to all talk the same language as the response strategy is based on “the ability to make decisions when we don't have all the information.”

Ending on a defiant note, Gavin quoted boxing legend Mike Tyson who apparently once said, “everyone thinks they have a plan until they get punched in the face.”

Hem Pant, CISO of ING Wholesale Bank, said that in the wake of the Bangladesh Bank hack, regulators in the region are waking up to the consequences of being relaxed on security standards.

According to Pant, this also has an effect on the bigger picture, where it takes work from other banks to convince their own customers that they are safe to communicate and do business with them.

It is for this reason that Pant wanted to break down silos that exists within businesses and make sure everyone communicates well with each other. This could lead to management team understanding the businesses risks and getting stuck with repairing reputation.

Final speaker was Calvin Dickinson, director of information security for Amgen. Dickinson seemed to mean businesses when he said, "In a previous life I used to work for an organisation that developed and built games where the detection of a cyber breach was treated with the same level of urgency as the place where I am now which is an industry responsible for developing lifesaving medicines and trying to keep people alive. The consequence however is far more significant with lives now at stake."

Calvin said the best strategy for beating the attackers is taking a head-on approach of working closely together with teams, agree on a strategy and an appropriate tone, and work together to ensure it goes smoothly.