1. Home
  2. Schedule
  3. Only After Disaster Can We Be Resurrected: Field Lessons in Cyber Incidents
Management

Only After Disaster Can We Be Resurrected: Field Lessons in Cyber Incidents

Virtual October 21, 2020 10:10 am - 10:50 am Feedback     

Bookmark and Share

Mark Sangster

Only after disaster can we be resurrected. While you’d think it’s wisdom from Gandhi or perhaps Buddha, it’s the insightful musings of fictitious character, Tyler Durden from the 1999 movie, Fight Club. This alter ego has it right. We can learn more from mistakes, errors or even disaster than we can from what went right. This workshop uses disaster investigation results and the detailed examination of the Air Canada FLT143 crash, the sinking of the Deepwater Horizon, and the collapse of the Citicorp tower, to demonstrates how we bring specific biases that skew our view to assuming in hindsight that we would make better decisions that would have avoided calamity, and bring extreme blame and judgment against those involved. These biases focus on first story human error and often hide the systemic issues that truly led to the disaster. The session confronts the business decisions, consequences and critical communication between security leaders and business leaders. In this interactive talk, the speakers will take attendees through four real-life incidents to explore how the critical decisions we make during cyber incidents makes the difference between controlled events or ones that lead to business altering situations:

  1. Fraudulent financial transactions instigated from a law firm that manages trust funds for a high wealth celebrity. The banks involved have digital records that lead back to the firm.
  2. A healthcare clinic that discovers that a large collection of insurance claim files are missing after employees discover a stranger in a restricted area. What was taken and what are the regulatory consequences?
  3. A manufacturer must decide to shut down an assembly line that costs millions to restart after malware is discovered on its controller. The attack is a denial of service in retaliation for charged political statements made by the CEO on social media.
  4. An accounting firm targeted by a vengeful nation state for helping a client move funds from their home country to the US. The nation state claims the client is a dissident who is tied to failed drone-based assassination attempt.