Get Security and Business Teams Aligned by Assuming You’ve Been Hacked

Security Organizations and Businesses Must Plan and Prepare for Information Security Incidents and Breaches Together as One Team

Operating with the assumption that you’ve already been hacked makes security incident response planning a priority for the organization. Security professionals know that, but it is not a perspective shared by the business. Business leaders aim to avoid negative news, make business as frictionless as possible and spend as little as possible on security. Telling them that a hack is a matter of “when” not “if” could be a career-endangering conversation.

Yet, for all the resources spent on security ($86.5 billion worldwide in 2017 according to Gartner), we are constantly reminded that users are the weakest link and privileged users pose a significant threat. Security incidents and breaches continue to make headlines, and criminals are constantly evolving their attack methods. Even independent businesses are finding themselves in the line of fire for nation-state attacks. Only the most myopic would think it can’t happen to them.

Getting business leaders to think from the mindset of “already hacked” starts with a conversation that can then lead to a path of increased alignment with security priorities. Assuming that you are already hacked will not only require involvement from your security team, but active participation from business partners as well. Consider these approaches together with your business partners.

Plan and train for the initial incident and breach response

In my years as a U.S. naval officer, I spent more time training to fight fires than I did training to launch missiles. That’s because the most likely threat to a warship at sea is fire – either accidental or caused by battle damage. Every person serving on a naval vessel is trained in damage control tools and procedures, even the officers.


Similarly, security organizations and businesses need to plan and prepare for information security incidents and breaches together as one team.


Breaches will occur at different severity levels, and increases in severity should result in escalating levels of resources needed to respond. For example, an incident of criminal activity that does not affect customers may not require executive participation. But if your business becomes front-page news, the brand management team and the CEO may need to create statements for the press, craft compensation plans for victims and communicate to shareholders.


Just as the Pentagon has its “OpPlans” for various scenarios, such as responding to an invasion of South Korea by North Korea, these plans must be written, tested and trained against regularly. Many organizations use a “red team” for penetration testing, which can be run by an internal team, outsourced to a third party or orchestrated through a bug bounty program. Even your auditors can provide scenarios. As they find vulnerabilities and weaknesses, incorporating their findings into an exercise can add realism to your tests.


These are tasks best performed without the pressure of an incident hanging over your head. And these exercises can give your business a new appreciation for what can happen, helping executives get a better sense of what security teams are up against when making the case for additional resources.


Plan and train for remediation

While good security teams already have procedures in place to remediate a breach, such as patching systems or recovering from backups, there are more than the technical tasks to consider. Legislation, such as GDPR, may require very specific timelines for notifying those whose personally identifiable information has been stolen. Attorneys may have to prepare to defend against lawsuits. Criminal forensics need to be gathered before evidence is destroyed by restoring from a backup, and shared with the appropriate authorities.

The business is also the source for prioritizing service restoration. If you have multiple services impacted, say by ransomware, how do you know which ones to restore first? The business should have business impact analysis (BIA) documents that guide these decisions. Don’t wait for an incident to find out where these documents are kept; locate them now and translate them into something usable for the security team.

Perhaps even worse than a lack of incident response planning is a presumption that you’ve “arrived” from a security perspective, that you are invulnerable to the types of attacks that others are experiencing. Get comfortable – get hacked. The business needs to understand that the threat environment is constantly evolving and, no matter how strong the security may be, it’s essential to prepare for the inevitable day when a breach occurs that demands executive attention. When it happens, instead of clashing over perceived priorities, CEOs can walk into the boardroom with a plan and security can mitigate the effects.
