The New Incident Response Challenge

Former US-CERT Director Barron-DiCamillo on How to Get Out of 'Firefighter' Mode

Too few organizations have in-house incident response teams. As a result, they lack the native ability to even detect evolving threats such as ransomware, says security expert Ann Barron-DiCamillo. What are the must-have response capabilities?

Barron-DiCamillo, formerly the director of US-CERT, is now chief technology officer at Strategic Cyber Ventures, a cybersecurity technologies investment firm, and part of her focus is on studying incident response capabilities. What she sees, frankly, concerns her.

"From my perspective, a lot of organizations ... have little to no ability to detect activity and then to mitigate it," Barron-DiCamillo says.

One inherent problem with many incident response organizations is their "firefighter" mentality, she says.

"There is this tendency to react, resolve, remediate ... expeditiously," she says. "As a firefighter, you want to put out the fire." But adversaries have responded to this tactic, and they now are deploying exploits that detonate secondary, retaliatory strikes as soon as their primary attacks are countered, Barron-DiCamillo says. "You need to do some aspect of 'watch and learn' as you contain," she says. "Understand the landscape of where the adversaries are within your network."

In this video interview at Information Security Media Group's recent Washington Fraud and Breach Prevention Summit, Barron-DiCamillo discusses:

  • Her role as CTO at Strategic Cyber Ventures;
  • The future demands of incident response;
  • Lessons learned from deconstructing ransomware.

As CTO at Strategic Cyber Ventures, Barron-DiCamillo leverages her expertise gained from 18 years in information technology development and cybersecurity operations to identify emerging technologies that fulfill capability gaps as they are created in the dynamic environment of the internet. Barron-DiCamillo previously was the director of the United States Computer Emergency Readiness Team, where she led DHS's efforts in cyberspace to respond to major incidents, analyze threats and share critical cybersecurity information with trusted partners around the world.

About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.
