5 Things Your Breach Response Attorney Needs You to Know Before an Incident

It is now clear that every company is at risk of a cyber-attack and resulting data breach no matter how diligent and sophisticated they are at cybersecurity. Most recognize that such an attack requires a technical response but do not realize that there are legal and business issues that must be addressed as part of the incident response process. One of the most important factors in getting this right is to prepare for it ahead of time.

Shawn Tuma is an internationally recognized thought leader, subject matter expert in cybersecurity and data privacy, and breach response attorney who leads companies through this process every day. He will explain the five most important things he wishes his clients knew before their incident and what actionable steps you can take now to prepare your company for such an event.

Rafal Los, Lightstream’s vice president of security strategy, will moderate the discussion. Rafal is well known for his podcast, Down the Security Rabbithole, which has over 25K monthly listeners. He is a recognized thought leader, speaker and industry contributor on cybersecurity topics.

Please send your questions, comments and feedback to: cynthia.lawton@lightstream.tech

The Red Herrings of Cybersecurity Blog Series 3 of 4

Welcome to 2021.

I felt like I needed to write that we survived 2020 and are now well on our way to whatever things this year holds. In this series, I’m addressing the things that your vendors do or say that are “red herrings” – that is, they sound good but aren’t quite right.

In this installment, I’m going to address complexity. Having been involved in selling cybersecurity solutions since roughly 2007, I believe I know a few things about this.

I believe with all my heart the following statement to be true.

“The value of any security solution is inversely proportional to its complexity.”

Give that a think for a second.

The more pieces of a solution your vendor has to virtually duct-tape together for you, the less real security value the solution holds overall. I do not doubt in my mind this is true. The reason for that – I’ve seen it with my very own eyes. I’ve witnessed 100+ page solution specifications that were so complex I don’t think anyone truly understood what was happening. Forget about actually explaining it.

I think customers sometimes believe that because a solution they’re being presented is exceptionally complex, it is better. That has something to do with the level of knowledge of the buyer. I’ve seen opportunistic sales teams take advantage of this, and it’s unfortunate.

The truth of the matter is simplicity always wins. It is difficult to debate that rationally. The more steps there are in a process, the higher the chance that there will be a failure along that chain of events. As a buyer, you should be looking for the simplicity of the overall solution. Additionally, look for simplicity in the various technology components, processes, and outcomes.

Rejecting complexity and insisting on simplicity is critical in security. It is particularly critical when you’re dealing with managed services. Here are 3 of the most important pieces, when it comes to keeping it simple:

  1. Engagement process – the process by which a customer engages with the vendor for specific tasks, workflows, or requests; for example, requesting changes or working incidents
  2. Integrations – connecting technologies together, to maximize their effectiveness, must be simplified to keep the system from becoming brittle and incurring unexpected outages
  3. Technical solution – the various technical pieces of the solution should minimize complexity by limiting the number of specialized components, and the number of times that a workflow passes from one technical system to another

There you go, part 3 on complexity. In a nutshell – if you don’t understand the solution someone is trying to sell you because it’s uber-complex … it’s probably not right for you.