Conf42 Incident Management 2024 - Online

- premiere 5PM GMT

React and Respond: Enhancing Incident Management with Cyber-Awareness

Abstract

Transform your incident management strategy with “React and Respond: Enhancing Incident Management with Cyber-Awareness.” Discover how fostering a culture of cyber-awareness can lead to faster, more effective responses to cyber threats. Equip your team with the knowledge to handle incidents!

Summary

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello, my name is Victor really lovely to meet you guys. today I'll be speaking on a topic called react and respond How to enhance incident management with cyber awareness. It's really important for you to understand that cyber awareness plays a crucial role enhancing incident management. Whether you're talking about incident management for a small incident or for a very large incident. How cyber aware your employees or your teammates or your colleagues are. Plays a very big role as regards how you are able to like bounce back and, move on with your business continuity plan in the case of an incident. So looking at, this in depth today quickly. First of all, it's important for us to understand that the cyber threat landscape keeps increasing, and the tactics being used by cyber criminals keep evolving. They're on the, with the advent of AI, generative AI, there's the attack surface keeps increasing. And of course, There's a target variety in the sense that different, there are so many, soft targets, so many people that could be targeted from small businesses to hospitals and, manufacturing, any organization could be a target. So hence the need to be cyber aware, there's also financial impact if an organization falls victim to a cyber security attack. Obviously it will cause downtime. And if it's, for instance, if it's a ransomware attack, it could also have some financial impact where the malicious attacker could ask for some money before they actually give that organization access to their data. And sometimes even after paying some organizations are not still sure of getting their data. So the cyber threat landscape is really, evolving every day. There's also the issue of data privacy, with the cyber security attack, the data you have, your sensitive data. is compromised and data privacy is also compromised. So it's very important for us to, have a cyber aware culture. very important. So what is important cyber awareness for incident response, early detection. If you have employees who are cyber aware, they'll be more likely to be more eagle eyed. They'll be more likely to spot inconsistencies, which could actually lead to a cyber attack. Okay. They'll be able to spot suspicious activities. For instance, if you've trained your staffs on how to identify a phishing email, it'll be easy for them to, identify, Efficient email some day and let you know that okay, we're receiving efficient email from this particular email and stuff like that You can actually mitigate it. So with Cyber awareness you are able to effectively mitigate cyber attacks In your environment. Also, there's also going to be reduced risk. because remember that we are not just talking about technical measures because most companies invest so much in their technical security, spend billions of pounds in their technical security, but they don't do enough to make sure that their staffs are cyber aware, right? because your staffs are your human firewall. So you want to make sure that your staffs are well trained and they are cyber aware to understand the threats that cyber. that malicious actor posed to your business. when we talk about cyber security awareness, what comes to mind will be employee training and continuous education is very important for you as part of the induction for your staffs to give them a very good and robust cyber security training. Okay. Let them have a good understanding of common cyber security threats and cyber security best practices, and let them have an understanding of the instance response procedures. If you would fall to an attack. Also, you also need to encourage your staff to update your system regularly because and open the softwares you use because, with updates, the vendors of those software are able to get patches wherever these softwares are vulnerable. The vendors are able to like those patches with the updates, you will get a security patch for the software and practical exercise. Part of your Employee training should also involve maybe gamifying your trainings in a way that you could simulate real world scenarios and to make it to be more interesting to your employees who are participating in this training so that they can actually get a hands on experience as regards. Okay. What's the entails when there's a cyber crime, what do I do? What do I not do? Okay. It's also important that when you run this training, you want to get feedback, maybe survey, you want to observe, and. Axios, trainees, what worked, what didn't work, so that you can actually keep improving it because, cybersecurity awareness training is not something that is not just something you just do in a rigid manner. You have to be flexible. You have to keep changing. You have to keep making it better based on feedback. So it's very good. practice to always get feedback after a cyber security awareness training, then how do you also need to implement a robust incident response plan so that if you were to actually fall to a cyber attack, you want to have players and responsibilities, who's going to handle what, who's going to call, the police. Who's going to inform the ICO that there's been a data breach? Who's going to do what and all that? who's going to speak to the, the press, as regards the extent of the data breach, do you have a legal team in place? things like that. So you want to have, you want to have, an established procedure as regards how you want to, handle your incident response. And communication is really key, for example, for you, especially for your staff who may be working remotely, if they find out that they've been hacked or something, your. Staffs are supposed to have a, a clear, and a response, a rapid and responsive communication channel through which they can actually contact you as their manager or maybe their CEO that, okay, this is the, this is what we are going through. We've been hacked and stuff like that, so having a good communication strategy can also help you in terms of an incident management. Then you obviously so many organizations is already, utilizing, automation and automation and AI tools for fast detection endpoint security. Basically, we have to this is like the, the CrowdStrike Falcon go, tools like that can be used cloud solutions like the Falcon go. Can be used by small businesses, medium businesses, and, you can use those solutions like AI driven Sentinel one, carbon black, there's so many solutions you can use for trade detection and elimination. Okay. So you want to actually make use of those. If you can actually afford it and use those for Monitoring the networks of your vulnerabilities and keeping your system safe. So it is very important to foster a culture of cyber resilience. When we talk about incident response management, your staffs, your people who work for you, your employees have to be, have to need, have needs to have security awareness. They need to have security awareness. And how do you do this? You do this by communicating best practices and also promoting. A culture of openness where your employees feel free to communicate with you, where there's no barrier, they are willing to be open with you to discuss with you. There should also be a facilitation of information sharing. Each department, if there's an information that could help one department, maybe the accounting department should be able to share information as regards cybersecurity to the engineering department. If they know that is going to help them. Mitigate their cybersecurity challenges. Like I said in the previous slide, continuous learning is very important. You should be conducting a cybersecurity awareness training regularly for your team. you shouldn't just say, Oh, I'm going to be doing this just once again. You, the cyber attackers are not really sleeping. They are also innovating. They are also improving. So you want to also make sure that your human firewalls, which are your staffs, are also improving in terms of their cyber awareness. So continuous training is very important. Okay. So in conclusion and the key takeaway, what you need to understand is that cyber security awareness is not just a one time thing. It's an ongoing process as we keep on discovering new and new vulnerabilities every day. Individuals need to also stay on top of their game and keep, learning and keep knowing, okay, these are the tricks, these are the tips and tricks, I can use to stay safe from cyber attacks. And employee training and continuous education, like I said in this It is a non negotiable. It is important to carry out employee training regularly. Also, you can also use, endpoint security tools. Like I spoke about Falcon. I spoke about Sentinel 1 to protect your technical, in terms of your technical security, so that you can protect your attack surface. And you also need to foster an atmosphere of openness. Within your staff so that they can always talk to you and open up to you. If they feel something isn't right, they can always talk to you and you can, mitigate that challenge immediately. with that, you don't be proactively to handle, incidents. So I thank you for listening to me and thank you for listening to this talk. I hope you actually enjoy this and I hope you actually learn something from it. Cyber security remains everybody's business. It's not just the cyber security analyst business. It is your own business too. So you need to be cyber safe. Thank you very much.
...

Victor Onyenagubom

Lecturer in Cybersecurity @ Teesside University

Victor Onyenagubom's LinkedIn account



Awesome tech events for

Priority access to all content

Video hallway track

Community chat

Exclusive promotions and giveaways