

Cybersecurity Incident Response Needs A War Room, Not A Playbook

When Kevin Mandia got the call in 2020 that his cybersecurity company Mandiant (then a division of FireEye) had been breached, the details raised alarms immediately. “It smelled like the SVR to me right out of the gates,” he said, referring to Russia’s foreign intelligence service. “They had a smart way of getting past our two-factor authentication and were targeting us in a way that showed professionalism.” Instead of grabbing everything they could, the intruders selectively searched and minimized what they took – a telltale sign of a cunning foreign intelligence operation.

Andy Lunsford, CEO of cybersecurity incident response company BreachRx, saw the same shortcomings from a different vantage point. After years litigating privacy and commercial cases, he observed a troubling pattern: attackers often operate with more discipline and coordination than the organizations they target. “You can defend 99,000 attacks,” he said. “They just have to get in one time to take you down.”

According to Lunsford, most companies still approach incident response reactively. “They’ve got the people they want to call,” he said, “but they don’t necessarily have a systematic approach.” That lack of structure becomes a liability when companies must manage not just the breach itself but the fallout: regulatory disclosures, legal exposure, customer notifications and board communication. “The ramifications within the business, including regulators and auditors, can be a lot more complicated” than addressing the breach itself, Lunsford said.

Full commentary: Cybersecurity Incident Response Needs A War Room, Not A Playbook.

For more, see the OODA Company Profile on BreachRx.
