Forbes Technology Council quotes Dr. Jose Morey in most recent article "15 Nuggets Of Wisdom For Junior Tech Executives Facing A Devastating Hack"

15 Nuggets Of Wisdom For Junior Tech Executives Facing A Devastating Hack

The possibility of cyberattacks is an everyday concern for corporations and their tech teams today. One of the most important jobs of an IT executive is to ensure that the business stays one step ahead of malicious users in the never-ending arms race of technology. Yet, despite constant vigilance, hacks can and do happen regularly. After a particularly devastating hack, a junior tech executive may worry about missing a crucial recovery step.

Below, 15 members of Forbes Technology Council share sage advice for young tech executives who find themselves facing a devastating corporate security attack. These pro tips can expedite recovery and reduce the chances of future intrusions.

1. Focus On Your Peopleware

Realize that cybersecurity at its core is really just behavioral science. Often, your weakest link isn’t your software or hardware, it’s your peopleware. Understanding the team’s strengths and weaknesses in this domain and how to educate will be the greatest upgrade you can make. - José Morey, Liberty BioSecurity

2. Make Security Everyone’s Responsibility

It is important to realize that security is not just the job of the cybersecurity team. Organizations must be more cognizant of their security and embrace a DevSecOps approach, building security into the development process. In addition, organizations must provide the proper education and training for every member of the team, from the C-suite all the way down to each individual employee. - Joseph Feiman, WhiteHat Security

3. Establish A Formal Security Policy And Infrastructure

Go forward using a formal security policy that provides a process, budget and framework for continually assessing risks and researching solutions. While a company may be able to recover from an initial breach, it’s highly unlikely that stakeholders will tolerate another one. The policy provides a way to prioritize security. - Yenn Lei, Calendar

4. Make Security Part Of Your Culture

With technology becoming core to business success, security has to move from a collection of tools to a holistic “system of systems” approach enabled by collaboration and sharing across your organization and your partners. This enables organization-wide visibility. Security culture has to be part of organizational culture to effectively detect advanced threats, avoid blind spots and respond with speed. - Mahesh Sudhakaran, IBM

5. Master The Basics

Use the incident as an opportunity to learn and grow. Make sure to perform a postmortem and conduct a root-cause analysis for the incident, and build or update processes in order to prevent it from happening again. Conduct a risk assessment across the organization to identify remaining gaps so that these can be addressed. Focus first on the basics and get the security fundamentals right. - Caroline Wong, Cobalt.io

6. Be Proactive

The worst position you can be in is reacting once something has already gone wrong. Nothing is unhackable, so the best bet is to be prepared and implement best practices early on. Any tech exec should make it an imperative to assess security protocols every quarter, from system hardening to employee training. In this sense, once it happens, you’ll feel better prepared. - Patrick Ambron, BrandYourself

7. Put Together An Incident Response Plan

Proactively spend the time to think through an incident response plan and write it down in the form of a checklist. Review it with your broader team, especially including legal. That way, if an incident occurs, you have a playbook to refer to and you can check the boxes as you execute your response. - Nikhil Govindaraj, goMoxie

8. Be Transparent

For many, the initial reaction will be to tightly control the narrative in an attempt to minimize risk. While understandable in an external context, doing so internally reduces the ability of the organization to learn and adapt. As much as possible, engage a broad section of your team in an immediate and open dialog about what happened and how to respond both near and long term. - Todd Piett, Rave Mobile Safety

9. Report The Incident Immediately

Do not wait until the last moment—report the incident to the executive leadership ASAP. Together, you will be able to better analyze how the hack affected your systems and data, prioritize recovery steps to avoid business downtime and find ways to mitigate such incidents in the future. Also, your management will have more time to prepare a notification for customers and/or regulatory bodies. - Ilia Sotnikov, Netwrix

10. Get Outside Expert Help

Bring in an outside security expert to recommend changes and even lead implementation, if necessary. It’s important to learn and address these issues with the help of someone who better understands the issues or ongoing risks. It’s okay to admit that it’s not your area of expertise and rely on someone else in these situations. - Chalmers Brown, Due

11. Consider A Data-Centric Approach

Organizations are moving to a data-centric approach to complement their perimeter and endpoint security. A data-centric approach allows an organization to manually or automatically classify sensitive data that may contain credit card information, financial data, intellectual property and more. This moves an organization to a least-privilege data model to protect, detect and respond to threats. - Michael Raggo, 802 Secure, Inc.

12. Don’t Forget Recovery

Having quality and timely backups can make recovering from an intrusion much less painful. Not only can backups get systems back up and running, but comparing the backup to compromised systems can provide insight into the methods and effects of the intrusion. Periodically do a full restore of your backups to test environments to make sure your backup processes work when you need them most. - Matthew Kolb, AssistedLivingFacilities.org

13. Get Cybersecurity Insurance

While relatively new, companies such as Zeguro are starting to focus exclusively on providing cybersecurity insurance. The best part is that they know the industry, know best practices and are actually on your side and will help you find the best products and methodology to protect your systems. - Ken Tola, Bear Systems

14. Implement Audit Logs

When you find an exploit, take some time to think through your next steps. Your gut reaction is to pull the plug on the server and shut down the exploit, but you need to know how the exploit was achieved. To do this you need to carefully think through your next steps. Turn on your audit logs, drop in a honey pot, etc. Find out how the hack was done. Once you know this you can improve your systems. - Kevin Batchelor, Complete Merchant Solutions

15. Embrace A Zero-Trust Approach

My advice would be to embrace a zero-trust approach going forward, which creates a security posture based on today’s reality versus taking the outdated perimeter approach. Zero trust would encourage the executive to assume that a hacker is trying to get inside the organization and how the organization can respond, both by reducing the attack surface via microsegmentation and by fast isolation. - Vishal Gupta, Unisys