Security teams will never have upper management’s attention as powerfully as they do in the wake of a data breach. But they have to act quickly.
Wait three months and the breach is over: It’s been reported, top executives have moved on, and the opportunity to get needed resources will be lost.
“Never let a good crisis go to waste,” said Dan Costantino, CISO at Penn Medicine. “There’s a small amount of time when you have the opportunity to use the security event to make a change.”
Whether that means advancing your security strategy with a bigger budget, hiring more talent or deploying new technologies, the hours, days and weeks after an incident are a teaching moment, added Theresa Payton, CEO of security firm Fortalice Solutions and former White House CIO.