Snake bites and data breaches


Why is treating a snake bite like responding to a data breach? It might sound like the beginning of a cheesy joke, but the two can have more in common than you might expect.

First, each requires an initial triage that is generic to all incidents. For a snake bite you immobilise the patient, bandage the limb, and call an ambulance – little more can be done until the professionals have more information. The initial response to a breach or intrusion is equally predictable: engage key stakeholders, isolate the threat, and call the lawyers.

For both, the subsequent remediation efforts become highly diverse once further detail is uncovered about the incident. With a snake bite, the crucial next step is to identify the species to determine the correct antivenom; attribution and remedy are unquestionably mutually beneficial. With a cybersecurity incident, determining the correct 'antivenom' is often not so clear. Do you dive deeper to determine the techniques, severity and persistence of the threat, or do you focus on damage control? Sometimes attribution is crucial; at other times it provides little more remediation value than entertaining curiosity. Assuming it is possible at all, of course – which is rarely a given from the outset…