This episode of CyberTech Talks, John Rogers (Head of Incident Response) and Mert Surmeli (Principal Incident Response Consultant) from WithSecure provide insight into Incident Containment.
Cyber incidents happen every day, and thousands of organisations trust their employees to decide whether to contain an incident immediately or investigate further. Containing an incident too late may result in the threat actor achieving their objectives, for example, ransoming your business. Containing an incident too early may lead the threat actor to advance their timeline and go berserk on your network.
Many people talk about the striking point: the perfect timeframe in which to contain an incident, where investigating further will have no effect on the containment strategy. As incident response professionals, we almost have an internal clock that influences when we act. However, people with this skill are rare, and many organisations have to act as best they can with resources they have.
Hear how John and Mert break down what incident responders consider when timing and formulating a containment strategy.
Read more about the topic here:
https://www.withsecure.com/content/dam/with-secure/en/resources/withsecure-keeping-the-attackers-out-whitepaper-en.pdf
We look forward to bringing you more episodes with cyber experts in 2023, make sure to subscribe and follow the podcast on Twitter and LinkedIn for further updates.
This podcast is brought to you by CREST, an international not-for-profit, membership body representing the global cyber security industry.
