Schneier: Incident Response Management Key to Surviving a Data Breach

SAN FRANCISCO—Between Target, Home Depot, Sony Pictures and many others, 2014 was undeniably the year of the data breach, and companies are finally realizing the likelihood that they could be next.

“Last year was being called the ‘year of the breach,'” said Bruce Schneier, CTO of Resilient Systems, formerly Co3 Systems. “Now, you and I know every year [has] been the year of the breach. But last year there were a bunch of really high-profile breaches where the companies involved did a terrible job of responding, that they were actually in chaos and it looked that way.”

In this interview, recorded at the 2015 RSA Conference, SearchSecurity editorial director Robert Richardson sat down with Schneier to discuss Resilient Systems’ contribution to improving enterprise incident response management in the coming year.

“This is the year that companies are recognizing that they’re not going to be able to prevent these attacks,” Schneier said. “They look at something like Sony and [say], ‘I cannot for any amount of money stop the government [of] North Korea from getting into my network.’ And they’re right.”

Schneier goes on to say he believes the key to successful attack management is threefold—involving protection, detection and response—and companies are starting to realize they need to beef up their response efforts.

Schneier also discussed the risks of public key infrastructure and why it failed, and if the industry will ever give up on SSL.

Watch the Video on

Categories: Recorded Interviews, Video

Sidebar photo of Bruce Schneier by Joe MacInnis.