Data breaches happen everywhere, to organizations across all sectors. Getting hacked is easy, but responding to the hack is the difficult part. That's where Ronald Plesco, principal and national lead of the cyber investigations, intelligence and analytics practice at KPMG, comes in.
"It's a tough time for a company, or any entity going through an incident," Plesco said of the panic following a data breach. "I've run into chairmen of the board trying to run an incident."
The key, according to Plesco, is to have the right people on the job. "Really the lesson learned is: You've hired some people, either outsiders like [KPMG], or your incident response team or your information security team, [and] you have to trust in your team to do what they need to do, to plug the hole, hopefully contain and mitigate what's happened to them."
In this video, recorded at the 2015 RSA Conference, Plesco sat down with Eric Parizo and discussed his experience responding to data breaches. One of Plesco's main takeaways is that enterprises should pay attention to where their data is. If you asked, most organizations probably don't know.
"Companies think they know where their data is, and it takes a breach to really figure out that they don't. They might have a third-party managed security company or a cloud company backing up data, etc. It takes an incident to figure out, 'we thought that data was with that cloud provider in this part of the country, and here it's somewhere else.'"
Plesco spoke to some of the horror stories he's encountered in years in information breach response.
"I've seen a lot. Some of the most unusual [things] I've seen [are] nation state, non-nation state, organized crime, disorganized crime, act[ing] more malicious; hackers getting in just because they can, and leaving comments for [the organizations] to find forensically, taunting them, giving them a hard time. So I've seen a lot, that's for sure."