An organization's people are its strongest asset when it comes to both discovering and mitigating a breach, according to the panelists on SC Congress New York 2015's Your Organization is breached: Now on to threat detection and intelligence.
“You have to utilize the end users. They are the people who notice abnormal behavior first,” said Lee Schulz, deputy operations chief, Department of Home Security, citing that a staffer at the Office of Personnel Management (OPM) discovered the unusual behavior on the network that led to the breach being uncovered.
The other method recommended by the panel to find a breach is to know what your company's system look like normally so it's easier to recognize when something unusual, and most likely a threat, is taking place.
Once the intrusion is discovered the next task is to quickly get this information into the hands of those who can halt the bleeding and this does not mean keeping it internalized.
Scott Sumner, CISO and directory of regulatory compliance for Tory Burch said even those working in “cutthroat” industries need to look outside there company when it comes to containing an intrusion.
“The inclination is to keep everything a secret,” said Mark Vahlkamp, director of information security and compliance for Convoke Systems, adding that there is nothing wrong with discussing a situation with your peers or even asking for help in solving a particular problem.