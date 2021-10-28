

The Role of the Incident Commander in Cybersecurity

10/28/2021 | 11:34am EDT

An incident commander plays a vital role in the response to major cybersecurity incidents. The sharp rise in ransomware incidents makes them increasingly important.

Thursday, October 28, 2021

By: Tony Kirtley - Director Incident Command

Most network defenders have never experienced a business-critical incident. An incident commander brings much-needed experience and knowledge to guide multi-functional teams through the process. Speed of recovery, evidence preservation, and security of the restoration process are often in conflict. Balancing them is critical to the long-term security resiliency of the company. High-touch incident responders like incident commanders require a specialized combination of technical, communication, and relationship skills.

The nightmare

Imagine being the CIO of a multi-national manufacturing company that relies heavily on IT services for production and shipping of your company's products. Early one Saturday morning, your phone rings:

Your VP of Infrastructure woke you to announce that a significant portion of the company's servers have been encrypted with ransomware. Critical manufacturing systems, ERP, financial systems, and file stores are affected. Employees cannot access the systems needed to do their jobs. The company will likely suffer massive revenue losses for every day of downtime, and customers may walk away if your actions do not quickly restore operations.

This is a scenario too often encountered in a security consultancy. The following thoughts might immediately go through your mind:

  • I can't even wrap my head around this situation! Where do I begin?
  • How am I going to explain this disaster to executive management and the board? How could we have let this happen to us?
  • We have never experienced anything like this before. How am I going to mobilize and rally my staff to respond to this?
  • Will I have a job when this is over?
  • I think I am going to be sick!

After calling your legal counsel for guidance and your cyber insurer to file a claim, you should call your incident response firm. If Secureworks® is your incident response firm, an incident commander would immediately be assigned to your case.

The incident commander's role

The incident commander operates like the conductor of an orchestra, understanding everyone's part and ensuring that each action occurs at precisely the right time. Accomplishing this balance requires relevant experience, a diverse background, and the ability to adapt and learn quickly. Secureworks incident commanders lead dozens of complex incident response engagements each year. They bring years of experience working very closely with customers and leading customer staff, consultants, and partners to orchestrate an appropriate response. The following are two challenges that incident commanders navigate during major incidents:

  • Speed to recovery versus evidence preservation - During a ransomware attack, company leadership will exert a lot of pressure to return IT services to production. At the same time, internal and external legal counsel will want to know how the attack happened and if any data was stolen. Knowing how it happened is essential to remediation, and understanding if data exfiltration occurred informs legal reporting and decision-making. These goals often conflict with a speedy recovery. The incident commander must direct an expedited collection of evidence to conduct an investigation. This investigation assists in securing the environment, determining if data was stolen, and freeing storage for the recovery effort.
  • Speed to recovery versus security of restoration - Also in conflict with a speedy recovery is the security of the recovery effort. Failing to properly secure the environment before rebuilding could result in re-compromise. If the attacker's access is not severed, they often re-encrypt servers, eavesdrop on meetings, and send messages to employees and customers to disrupt and harass the victim. Containing the network and evicting the attacker are essential for a secure recovery. The following high-level activities are usually required for an effective eviction:
    1. Removing or rebuilding hosts that show evidence of compromise
    2. Implementing multi-factor authentication (MFA) on all remote access services
    3. Building and securing Tier 0 of the company's Active Directory infrastructure
    4. Resetting Kerberos, administrator, service, and user accounts
    5. Patching critical exploitable vulnerabilities on internet-facing servers
    These tasks sound daunting, and they are. There are compensating controls for some of these activities that speed up the process. The incident commander's job is to guide victims through the process.

Conclusion

Incident commanders require technical skills to understand what to do and how to execute prescribed actions in varying customer environments. They also need to be able to communicate risk at every level in the organization, from the administrator to the board of directors. Because of the incident commander's experience and knowledge of these situations, they often become very close partners with the customer's IT and security leaders. Relationship-building skills are essential to building trust.

There can be intense pressure on an incident commander to establish order during a time of chaos and to coordinate a response that helps a victim quickly restore operations. But they find great satisfaction in helping customers through some of the most difficult professional situations they may face.

Learn more about the Secureworks emergency incident response services.

Disclaimer

SecureWorks Corp. published this content on 28 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 28 October 2021 15:32:10 UTC.


© Publicnow 2021