The New Incident Response Challenge
Former US-CERT Director Barron-DiCamillo on How to Get Out of 'Firefighter' Mode
Too few organizations have in-house incident response teams. As a result, they lack the native ability to even detect evolving threats such as ransomware, says security expert Ann Barron-DiCamillo. What are the must-have response capabilities?
Barron-DiCamillo, formerly the director of US-CERT, is now chief technology officer at Strategic Cyber Ventures, a cybersecurity technologies investment firm, and part of her focus is on studying incident response capabilities. What she sees, frankly, concerns her.
"From my perspective, a lot of organizations ... have little to no ability to detect activity and then to mitigate it," Barron-DiCamillo says.
One inherent problem with many incident response organizations is their "firefighter" mentality, she says.
"There is this tendency to react, resolve, remediate ... expeditiously," she says. "As a firefighter, you want to put out the fire." But adversaries have responded to this tactic, and they now are deploying exploits that detonate secondary, retaliatory strikes as soon as their primary attacks are countered, Barron-DiCamillo says. "You need to do some aspect of 'watch and learn' as you contain," she says. "Understand the landscape of where the adversaries are within your network."
In this video interview at Information Security Media Group's recent Washington Fraud and Breach Prevention Summit, Barron-DiCamillo discusses:
- Her role as CTO at Strategic Cyber Ventures;
- The future demands of incident response;
- Lessons learned from deconstructing ransomware.
As CTO at Strategic Cyber Ventures, Barron-DiCamillo leverages her expertise gained from 18 years in information technology development and cybersecurity operations to identify emerging technologies that fill capability gaps as they are created in the dynamic environment of the internet. Barron-DiCamillo previously was the director of the United States Computer Emergency Readiness Team, where she led DHS's efforts in cyberspace to respond to major incidents, analyze threats and share critical cybersecurity information with trusted partners around the world.