Let’s face it: PR, and it’s fancier sibling, crisis communications, is the red-headed stepchild of the data breach family. Everyone accepts that you need a seasoned breach coach to help navigate the maze of state-specific disclosure laws and avoid third-party litigation, and we can all agree that a sophisticated forensics shop is key to stopping the bleeding and assessing the damage. But then what? It seems like more often than not, a breach victim’s response to an attack is limited to a very delayed and often-canned press release that leaves customers and employees with more questions than answers. I talked to Zach Olsen, President of Infinite Global and head of the firm’s Crisis Response & Reputation Management Group about where he sees an opportunity for reducing the costs and reputational harm of a breach.
A Q&A with:
- Navid Jam, director of security consulting services at Mandiant.
- Daimon Geopfert, national leader of security and privacy consulting at RSM.
- Darin Bielby, managing director of disputes and investigations at Navigant
- Bill Hardin, vice president of forensics services at Charles River Associates
- Jason Smolanoff, managing director, global practice leader of cyber security and investigations at Kroll
- Austin Murphy, director of incident response for Crowdstrike
Forensics firms play a vital role in any data loss incident, helping the breached organization determine exactly what went wrong, assess the scope of the damage, and, in conjunction with a Breach Coach®’s efforts, take steps to remediate the problem. We spoke with leading forensics experts about dos and don’ts for an optimal forensics process.