5 Steps to Better Incident Management

When a breach happens, do you know what to do? The first reaction is usually panic. When panicking, people often act shortsightedly. With a proper crisis management plan and regular rehearsals, you’ll be able to avoid the common mistakes.

Author: Taija
Date: 11.05.2018
Read Time: 2 Minutes

Breaches happen, that’s for sure. But most companies are not prepared. Just like an average person is not prepared for being mugged. The final episode of our Adventures in Cyberland focuses on incident response and how can companies be better prepared to face breaches. Check out the video, including a real-life breach story from the Ministry of Foreign Affairs of Finland:



Here are 5 takeaways from the discussions our host Linda Liukas had with F-Secure Practice Leader Tomi Tuominen, F-Secure Principal Risk Management Consultant Marko Buuri and our special guest, CISO Antti Savolainen from Ministry for Foreign Affairs of Finland.


1. Don’t panic

Most breaches stay undetected for months or years, so there’s no need to freak out and rush into impulsive solutions. Most mistakes are made within a few hours of discovering a breach. So, get a cup of coffee and take a deep breath. Stay calm and focus on what you are doing.


2. Don’t destroy evidence

Don’t shut down your computer, that’ll wipe out important information. Logs are a valuable source of evidence. Disconnect from the network to prevent the attacker from continuing his actions and stealing your data.


3. Call for help

Get a professional involved. With experience in cyber incident management, they can help you out in organizing the forensics and public relations. Write down what happened to help the forensics team to reconstruct the timeline and find out what happened.


4. Make cyber security everyone’s business

Build a culture, where cyber security is not only IT department’s, but everyone’s business. It starts with awareness. Your employees should know, what information is sensitive and confidential to your business.

Create a culture of mutual trust, where employees are not treated as the weakest link of security. Everyone should feel confident to alert the information security people, when they spot something suspicious.


5. Be prepared

Know your infrastructure better than the attacker, and you’ll be able to defend against future attacks. Get an assessment of your infrastructure and go through your processes. Most issues are process problems instead of technical problems. Make sure you have visibility to your own organization. Have a crisis management team, a plan and run regular rehearsals.

Be prepared – before you get hit.


Tomi Tuominen, Linda Liukas, cyber security, incident response


In F-Secure’s new video series, Linda Liukas goes on a journey to discover the answers to some of the most burning questions in cyber security. Linda meets the brightest minds in the field of cyber security to learn what type of cyber threats are out there and why modern breaches are so difficult to stop. She agrees to let our cyber security experts hack her, finds out how to detect and respond to breaches and how cyber security can benefit from artificial intelligence and machine learning. Watch the previous episodes here.

Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s