We're Talking Incident Response on Silo Busting

cybersecurity

“It’s Almost Impossible to Improvise Right When an Incident Is Coming Because the Pressure on the Organization Is High”

Silo Busting 28: Incident Response with Ofer Levinger and Adam Bishop

July 22, 2021
ofer and adam

Imagine you’re a CEO. You settle into your office in the morning and open your laptop… and there's no way to communicate with clients. “No phones. No emails. Nothing,” says Ofer Levinger, Senior Director of Business Unit Operations at EPAM, on the latest #CybersecurityByDesign episode of Silo Busting.

Levinger tells Adam Bishop, our Director of Information Security (and his podcast partner-in-crime): “It’s very hard for you in that particular moment to work [with] a cool mind, open the well-prepared incident response book, and play by it.”

Bishop notes that the idea of incident response has been around for decades but “things aren’t really improving.” Looking at the headlines about massive data breaches, “It almost feels like things are getting worse.”

Levinger, who has been the CEO of White Hat, the Israeli cybersecurity firm, since 2019, says most companies look at incident response as a “CISO problem, not an organizational problem. ‘It’s not a business problem.’”

This, they say, needs to change.

Listen as our conversationalists get into the intricacies of incident response: the communications challenges, the new ways hackers are getting in (“living off the land” attacks, for instance), zero trust, and more.

It’s a highly charged topic, one that creates a lot of stress for organizations. Bishop says that just having good cybersecurity hygiene is not enough to allow companies to sleep soundly nowadays.

Levinger says that it’s necessary to move beyond the reactive posture, which is an ongoing active process. And he adds: “If you have a CISO that sleeps good at night, you have a problem.”

Host: Alison Kotin
Engineer: Kyp Pilalas
Producer: Ken Gordon

Silo Busting 28: Incident Response with Ofer Levinger and Adam Bishop
filed in: cybersecurity