Deep breaths and lean the f**k in. A user’s guide to Incident Response.
who: Nadia Yousef
when: Fri, 12 Nov 2021 14:45:00 +1300
where: The Michael Fowler Centre
2020 was a whole vibe on its own, but 2021 has really brought its game in being a constant run of major cyber security events that have changed the global landscape around how we prevent and respond to these issues. From superpowers embedding themselves in ubiquitous software, relentlessly owning each other, to ransomware-as-a-service gangs fetching US$5 and US$11 million a pop. Of course, in the meantime, scammers are scamming, phishing emails are relentless and no one is actually selling new Adidas shoes for $30 from a real estate website.
The context in New Zealand over the past 12 months has reflected this. In high-profile, high-coverage incidents we’ve seen a DHB’s and a hospital’s online operations get crippled for months, our Reserve Bank threatened, countless data breaches – and that’s just the tip of the iceberg.
So, what do you do when it happens to you? When you log in to your machine, and you see that angry little READ ME.txt file on your desktop? When you find your customers’ creds show up in the latest breach? When you find some uninvited little webshells and another nation’s flag as a banner on your site? When you’ve paid a $400,000 invoice to a recently changed bank account number – and now have a sick feeling in your stomach about whether that should have happened. There’s really only one thing for it – take some deep breaths and lean the f**k in.
I’ve been working in the incident response field since Heartbleed, and I’ve seen a whole range of incidents, and the different ways that they’re responded to. Excitingly for me, the last two or three years have seen a significant shift in the maturity of organisations’ responses, particularly in both internal and public comms, and it’s had a significant impact on the way that incidents are played out and recovered from.
Through this talk, I would like to cover off what we recognise as good incident response, key processes to have in place, the absolute importance of working with communications experts, and sometimes admitting to the public or your customers that you’ve made a boo boo: this is how bad it is, this is how we’re fixing it, and this is how we’re going to make sure it doesn’t happen again.
I'm Nadia Yousef, Manager of Threat and Incident Response at CERT NZ. I've been working in cyber security incident response from Heartbleed, and learned to accept that means my nights and weekends are not my own. I lead CERT NZ's response to major incidents, and over the past few years, have picked up insights into what IR done well looks like, and some traps that people fall into when everything goes sideways. I'd love to share some of those lessons with the Kawaiicon crew!