#Infosec16: Hall of Fame Inductee Brian Honan Urges Firms to Start IR Planning Now
Reach out to law enforcers, local CERTs and regulatory bodies now before something goes wrong, so that your incident response is better prepared to cope with an eventual breach.
Speaking on stage with Infosecurity editor, Dan Raywood, Honan – who also has a role as special adviser to Europol – claimed that building relationships with these bodies would help in the long run so that “when you do have to pick up the phone, you’re not a stranger.”
Other key elements of effective incident response planning should include reaching out to internal stakeholders such as legal teams and PR and marketing departments.
Honan also argued that the white hat community needs to get better at information sharing.
“The [cybercriminals] are highly coordinated and competitive and realize that by working together they can make more money,” he said. “We need to work together more and not be worried about sharing commercially sensitive information.”
Dublin-based Honan also complained that the industry is too fixated on hyping the latest major threats – arguing that ransomware is ultimately just another form of malware, albeit a particularly aggressive one.
Firms should instead concentrate on getting the basics right, and they’ll eliminate a large percentage of risk.
“If we keep responding to the latest threats, we’ll never have time to get the basics right,” Honan claimed.
He also warned that not only finding but retaining the best talent is increasingly difficult – and said the industry could be shooting itself in the foot by focusing too much on qualifications and certifications.
Honan himself fell into security after he began working at life insurance provider Irish Life in the 1980s – with just a Diploma in HR management to his name.
“The hook that got me into security was how we could get the same level of security on our PCs as the mainframe,” he explained.
Honan follows industry luminaries including Bruce Schneier, Jack Daniel and Rik Ferguson into the Hall of Fame.
Source: Information Security Magazine