Breach Preparedness , Data Breach , Events
CrowdStrike CEO George Kurtz Details Incident Response Essentials
Preparing for data breaches - to detect them quickly, respond appropriately and ascertain exactly what happened - can help make the difference between a security incident having major or minor repercussions, says George Kurtz, CEO of cybersecurity firm CrowdStrike.
See Also: Vulnerability Management with Analytics and Intelligence
"When you have an issue, what you're trying to really do is prevent the mega-breach," Kurtz says. "You might have somebody compromise a system or infect a system, but what you're trying to do is avoid those 200 days of having an adversary roam unfettered on your network, stealing intellectual property, or financial data or personally identifiable information."
Prevention, however, requires preparation, including honing an organization's breach-response plan in advance, as well as marshaling and training everyone who will be required to help respond. The same goes for technology - for example, being able to replay what happened on any given endpoint after a potential breach gets found.
"Knowing exactly what piece of malware - as an example - touched a particular document may either cause you to have to notify that you've been breached, or it may save you potentially millions, because you can ascertain and empirically prove that that document or data element wasn't touched," he says.
In this interview with Information Security Media Group conducted at the Infosec Europe conference in London, Kurtz also details:
Best practices for complying with the EU's new General Data Protection Regulation and related notification requirements; The importance of running tabletop exercises to help organizations hone their data breach response plans; The case for having an organization's legal team hire outside incident responders in advance of a breach; Factoring the potential for malicious insiders into incident-response plans.Kurtz is CEO of CrowdStrike. Previously, he served as the worldwide chief technology officer - amongst other roles - at McAfee, was also the founder and CEO of Foundstone, and developed the first ever internet penetration-testing methodology for all of Price Waterhouse.