[Podcast] Data Breaches: Bridging the Gap

Veteran security consultants stop by to talk about where companies are failing in their approach to breaches, and how they can do better.

Author: Melissa Michael
Date: 14.02.2018
Read Time: 2 Minutes


Data breaches usually leave companies red-faced and scrambling. How should companies prepare for them? When they happen, how should businesses react? And that ever-persistent question, who’s to blame?

In our latest podcast episode, F-Secure’s principal risk management consultant Marko Buuri teams up with principal security consultant Tuomo Makkonen to answer these questions. Here’s just a sampling of what they talk about:

Breaches happen because…

Two major parts of the company, the business unit and the technical unit, are not in sync with one another. The IT people understand the technology, but they aren't clued into the business impact of a breach, so their efforts are not proportionate to the business risks. The business side understands the impact of a breach, but it is not in control of the technology. These two units need to engage, discuss and begin to establish a healthy risk culture.

The cyber attack companies should prepare for in 2018 is…

Companies should not prepare for just one kind of cyber attack. Take WannaCry and NotPetya, for example: no one was expecting those particular attacks. So there's no point in preparing exclusively for what has already happened, or for one specific kind of attack. It's more important to have good general hygiene, to have the proper tools and processes in place, to understand your threat landscape and your technology and how to protect it, and to have a plan for responding in a coordinated manner.

NotPetya and WannaCry happened because…

Of course, the companies that were hit were running old, unpatched software. But speaking from a risk management perspective, it is unlikely that anyone in those organizations had consciously accepted the risk of running old software. Rather, they either didn't pay enough attention to evaluating the risk, or they downplayed it, assuming it would be limited to certain technologies or platforms.

Companies that get a favorable response from the public after a breach do one thing better:

Good communication. They are frank and open with the public. Companies should always strive to be honest about what's going on and to give frequent updates, even when they don't yet fully understand the scope of what happened or how it happened.

The attackers companies need to worry about are…

Tuomo’s take: You don’t necessarily need to worry about WHO the attackers are, because you cannot foresee that anyhow. Rather, start from the assumption that you are already hacked, and plan your capabilities based on that.


Want more? Listen to episode 3 of Cyber Security Sauna, where Tuomo, Marko and Janne talk about who's to blame, how attackers may be going after something different from what you're trying to defend, and why you should "fix the roof when it's not raining."


