Communal Learning: The Value of Spreading Incident Response Best Practices

Information security is a game of cat and mouse. Hackers break into a computer system, and security researchers shut them out. Attackers exploit other vulnerabilities, which leads researchers to patch them. That’s the nature of digital security. Tit for tat.

But that doesn’t mean those playing offense and defense remain static.

Just ask Thomas Schreck.

Schreck is a senior engineer with Siemens CERT and the head of its incident response team. He is also a Board of Directors member of the Forum of Incident Response and Security Teams (FIRST), one of the leading incident response organizations in the world.

By working on the front lines of incident response, Schreck understands firsthand that today’s digital attackers are smarter than ever:

“Targeted attacks are not only becoming more numerous, but they are also becoming more professional and are adapting more quickly to security defenses than they did in the past. This places the onus on security researchers to keep up with evolving threats.”

To aid information security practitioners in that task, Schreck intends to speak about incident response at Borderless Cyber Europe 2016. His talk will highlight how organizations at the global enterprise level can use threat intelligence to build an incident response process. He will also discuss challenges in responding to threats and how organizations like Siemens and FIRST are working to address those issues.

Schreck feels these real-world accounts will help organizations strengthen their own threat response capabilities:

“Lots of enterprises grapple with the same problems as the ones I’ve seen at FIRST and Siemens. That helps to explain why we want to talk about what we’re doing. What we’ve learned regarding incident response should not be kept from the world. Those best practices need to be shared. Doing so will help make it that much harder for attackers to accomplish their aims.”

He also hopes his presentation will help enterprises recognize the true value of IT:

“Most organizations see IT as something that just costs money. As a result, they’re not willing to follow best practices in incident response because they feel they’ll lose out on budget dollars. But that’s changing. With new regulations coming in, especially those introduced by the insurance market, IT is slowly proving itself to enterprises. I anticipate more organizations will realize the value of adhering to incident response best practices in the near future.”

For more information on Schreck’s upcoming talk, click here.

Borderless Cyber Europe 16 is an event where attendees will have the opportunity to discuss the importance of sharing threat information and learn from the experiences of one another. It is set for 8-9 September at the European Commission in Brussels, Belgium.

To learn more about Borderless Cyber Europe, please click here.