Cyber Incident Response and Investigations: Different approaches and experiences in the region

We’ve seen an increase of using cyber to disrupt operations of businesses.

The goal is to deter bad security by punishing people after a breach happens.

Depending on what sector you’re in, the regulator of that sector is likely to come out with additional rules that you’ll have to keep track of and comply with.

Now we have AI and the hackers are all well-organized, they collaborate between each other.

Basically we need to spend 70% of the time to prepare to an incident.

The recommendation is to define scenarios, think about what type of attacks you should suffer and don’t underestimate internal attack.

We need to identify how the perpetrator get access to the network and what resources are compromised, the intention behind the attack.

The first thing to be done is reach out to legal counsel and make sure to the extent possible that whatever the company is doing is protected by attorney client privilege.

The risks that will put a company closer to suffering a Cyber-attack are not just coming from IT issues but also from human behavior, it is mandatory to educate people.