One of the things hackers look for when they break into an enterprise is encryption keys and certificates, yet most security professionals don’t know how to respond when those keys are compromised during a breach.
This article from CSO Online touches on one aspect of the post-breach effort, but it points to a much broader knowledge gap in the information security industry. The problem isn’t what security professionals do or don’t do after a breach; it is that there is no industry standard and no focused training on what to do once you have been breached.
The world today operates under the scary yet accurate motto –
“There are two types of companies. One that has been breached and one that has not discovered they have been breached.”
The point is that every company, by the legal definition of a breach, has already lost data in a manner that would be called a breach. You can get certified all day long as a “Security Professional,” but we have reached the point where those certified professionals need to be trained on how to clean up and reset an environment after a breach has been detected. That starts with resetting ALL your encryption keys, which is only possible if you already have proper key management in place: you cannot rotate a key you cannot inventory, and you cannot prove the rotation is complete if nothing records which key version protects which data. From there the list goes on and on, and if you don’t work through it you are not closing the entry points that were used to exploit you in the first place, or worse, you leave the keys and methods the hackers took available to be reused in a new way next time.
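To make the “reset ALL your encryption keys” step concrete, here is an added example in Go. It is not code from the original post, from Binary Blogger or from the CSO Online article; it assumes an envelope-encryption layout (each record under its own data encryption key, each DEK wrapped under a versioned key encryption key), an in-memory keyring standing in for an HSM or KMS, and the constructed sample secrets in `main`. The `Rekey` routine does the full post-breach reset, and `Audit` is the check that proves no record is still bound to a retired key version.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record: data encrypted under a per-record DEK, the DEK wrapped under a
// versioned KEK. The version tag is what makes a full reset auditable.
type Record struct {
	KEKVersion int
	WrappedDEK []byte // nonce || AES-256-GCM(KEK, DEK)
	Ciphertext []byte // nonce || AES-256-GCM(DEK, data)
}

// Keyring holds every still-trusted KEK version and the active one. In
// production this lives in an HSM or KMS; here it is in memory (assumption).
type Keyring struct {
	keks    map[int][]byte
	current int
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aeadSeal encrypts with AES-256-GCM and prepends the random nonce.
func aeadSeal(key, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// aeadOpen reverses aeadSeal; a wrong key fails authentication and errors.
func aeadOpen(key, blob []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func randomKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // no entropy source: nothing sensible to continue with
	}
	return k
}

// NewKeyring starts with KEK version 1 active.
func NewKeyring() *Keyring {
	return &Keyring{keks: map[int][]byte{1: randomKey()}, current: 1}
}

// Encrypt generates a fresh DEK for the record and wraps it under the active KEK.
func (kr *Keyring) Encrypt(data []byte) (*Record, error) {
	dek := randomKey()
	ct, err := aeadSeal(dek, data)
	if err != nil {
		return nil, err
	}
	wrapped, err := aeadSeal(kr.keks[kr.current], dek)
	if err != nil {
		return nil, err
	}
	return &Record{KEKVersion: kr.current, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// Decrypt refuses records bound to a retired KEK version.
func (kr *Keyring) Decrypt(r *Record) ([]byte, error) {
	kek, ok := kr.keks[r.KEKVersion]
	if !ok {
		return nil, fmt.Errorf("KEK version %d is retired", r.KEKVersion)
	}
	dek, err := aeadOpen(kek, r.WrappedDEK)
	if err != nil {
		return nil, err
	}
	return aeadOpen(dek, r.Ciphertext)
}

// Rekey is the post-breach reset: new KEK, fresh DEK for every record, data
// re-encrypted, and only then the old KEK retired. Merely re-wrapping the old
// DEKs under a new KEK would leave the data readable to anyone holding a DEK.
func (kr *Keyring) Rekey(records []*Record) error {
	old := kr.current
	kr.current++
	kr.keks[kr.current] = randomKey()
	for _, r := range records {
		pt, err := kr.Decrypt(r) // old KEK is still present here
		if err != nil {
			return err // old KEK is kept so the reset can be retried
		}
		nr, err := kr.Encrypt(pt)
		if err != nil {
			return err
		}
		*r = *nr
	}
	delete(kr.keks, old)
	return nil
}

// Audit lists records still bound to a non-active KEK version: the check
// that proves every key really was reset.
func (kr *Keyring) Audit(records []*Record) []int {
	var stale []int
	for i, r := range records {
		if r.KEKVersion != kr.current {
			stale = append(stale, i)
		}
	}
	return stale
}

func main() {
	kr := NewKeyring()
	r1, _ := kr.Encrypt([]byte("db password")) // constructed sample secrets
	r2, _ := kr.Encrypt([]byte("api token"))
	records := []*Record{r1, r2}
	if err := kr.Rekey(records); err != nil {
		panic(err)
	}
	pt, _ := kr.Decrypt(r1)
	fmt.Printf("active KEK v%d stale=%v r1=%q\n", kr.current, kr.Audit(records), pt)
}
```

The design choice worth noting is the order inside `Rekey`: the new KEK is created first, every record is decrypted and re-encrypted under a brand-new DEK, and the old KEK is deleted only once the loop completes, so a failure part-way leaves the system retryable rather than locked out. Anything copied out of the store before the reset (the `stale` record in the test) still carries the old version tag and is refused outright, which is the behaviour you want if an attacker walked off with a copy.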
End of line.
Binary Blogger has spent 20 years in the Information Security space and currently provides security solutions and evangelism to clients. From early web application programming, system administration and senior management to enterprise consulting, I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.