From the moment you notice the compromise to the time you decide to mitigate and remove the threat, always be on the front foot. Have a plan and work aggressively on implementing it. The longer you wait to investigate or act, the more potential victims or corporate loss you may be incurring.
The best-made plans will never fully prepare you for the real thing, but they will put you in a much stronger position than someone without a plan. Keep your team sharp: run regular drills and tests to ensure that your plan happens naturally and doesn’t turn into a bunch of arm-flailing madness.
The other place where being on the front foot is critical is when dealing with any publicity surrounding internet security incidents. The media loves a hacking story, and such stories get very serious coverage, whether you want it or not. From experience I can tell you the only way to handle this kind of story is to get your story out first and to position it carefully, not allowing interviewers to drag you off message.
When the NBN Hacker incident happened, I was interviewed on TV, radio and print media 37 times in 3 days and had to decline a further 13 due to there only being one of me. Calls started at 6am on the day after the arrest, when the Federal Police made their announcement, and kept coming and coming.
If you are in a similar situation to me, you are going to need a dedicated person to manage incoming calls and requests and to keep a log of the interviews as they happen. Like you would when collecting evidence, keep notes on each journalist you speak to, their contact info and any notes on how the interview went.
I can’t explain how important it is to be ready for the influx of attention and to have a simple, memorable message to convey. If I hadn’t been prepared for the questions that were thrown at me, be they negative or positive, the process would have been incredibly traumatic instead of the positive working-together story that we were able to tell alongside the AFP. Tell your story, lead the story, don’t allow negative angles to be explored, and always redirect negatives to the core message.
I am a telco & internet entrepreneur, nerd wrangler and massive lover of bacon. I was involved in the investigation of and successful conviction of David Noel Cecil – “Evil, The NBN Hacker”.
This article is written from the experiences I had before, during and since the successful execution of Operation Damara. My experiences are from a telco perspective however they are just as applicable to corporate and government networks.
I currently work with several Australian Telco’s and IT businesses, developing Incident Response Plans and helping them ensure the ongoing continuity of their mission critical infrastructure.
If your organisation doesn’t have a strategy for dealing with internet security incidents, I would love to help you out!
Shoot me an email – firstname.lastname@example.org or grab me on Social Media for more information.