CISOs Insiders - CISO insiders

Episode 57

The First 3 Crucial Steps After You Experience a Cybersecurity Incident: Nicholas Steinmann | Director, Insurance Alliances at Tetra Defense

00:35 Guest Introduction and professional journey

02:40 Icebreaker

04:00 How did the incident response domain evolve in the last decade

06:33 Timeline of a cybersecurity security incident. Timeline for a company that suffers a security incident.

10:50 The number 1 cause of most cybersecurity incident

15:30 What should a company prepare for a cybersecurity incident & attacks

17:50 How important are compliance standards in building a resilient & secure environment?

25:47 Are there ongoing threats and data exploitation that companies don't know about?

27:50 A case study for incident response project

32:32 The initiative for cybersecurity incidents from the U.S government.

36:43 What actions you should take after experiencing a cybersecurity incident?

Description Summary:

All the early-stage companies react differently to a cybersecurity incident but mostly this is how it goes in the most cases

An employee starts to report an issue in the network. Perhaps he or she cannot access a file on the network.
The issue gets reported to the IT department.
The IT department would diagnose the issue and realize that there’s a larger problem at hand.
From this stage, the information escalates to the boardroom.


The number one & most common cause of cybersecurity incidents is open RDP or a phishing attack if you’re not keeping up with the patches or you have unpatched VPNs & unpatched exchange servers. Mainly, The unpatched environment is the predominant method of intrusion for ransomware.

The threat actors which perpetrate the attack use free tools which are available online and conduct an external scan very quickly and exploit the findings. These tools are available online and they cost nothing.

This is what you should do to reduce cybersecurity incidents in your business:

  1. Ensure multiple-factor authentication on all your accounts like emails, VPN, etc.
  2. Regularly test backups, and be sure to keep them off the domain.
  3. Have an incident response plan, review it every quarter, and regularly update it.
  4. Introduce the principle of less privilege to make sure you’re limiting the number of people who have domain access & leading accounts.

If you just realized that you’ve experienced a cyberattack,

  1. Preserve all evidence, because if you wipe or change any evidence, it’ll be hard to trace how the threat actor was able to get inside your environment.
  2. Don't turn off any devices, just disconnect them from the internet.
  3. Don't engage in communication with the attackers.

Connect with Ben Ben-Aderet: https://www.linkedin.com/in/benbenaderet/

Connect with Nicholas: https://www.linkedin.com/in/nsteinmann/

Next Episode All Episodes Previous Episode

About the Podcast

Show artwork for CISO insiders
CISO insiders
Eye level conversations with leading CISOs in the industry.

Listen for free

About your host

Profile picture for Ben Ben-Aderet

Ben Ben-Aderet

Visionary entrepreneur, innovative founder, and CEO with 20 years of extensive experience in the InfoSec space, leading, enabling and increasing growth in global businesses, and helping customers achieve their information security goals. My company, GRSee Consulting, is a private international consulting firm staffed by a dedicated team of security experts committed to safeguarding its customers’ data.

WHAT I DO: I help businesses worldwide achieve their information security goals. Throughout my lengthy career in the InfoSec industry, I have worked closely with many major financial, governmental, defense, and telecom organizations in Israel and overseas. Today, as CEO and co-founder of GRSee Consulting, I ensure we provide the best, most advanced information security services over and above the conventional industry standard. GRSee Consulting offers full consultancy services, including PCI certification and compliance, penetration testing, risk management, software and infrastructure security, and much more.

WHO I WORK WITH: We partner with businesses and organizations from various sectors all over the world that value comprehensive, tried-and-tested information security services.

WHY IT WORKS: In the sophisticated, constantly-evolving world of data security, flexibility has never been so important. GRSee Consulting's dynamic approach provides a rapid response alongside full compliance, ensuring your peace of mind while eliminating the burden of unnecessary bureaucracy. We enable you to provide secure services and reduce your exposure to data security and non-compliance risks, leaving your business free to grow.

WHAT MAKES US DIFFERENT: GRSee Consulting delivers a comprehensive service portfolio for all your information security needs, ensuring full synergy between all our solutions. As an international company based in Israel, we are also able to offer much more competitive pricing while still providing local support via our partner in NYC.

HOW IT WORKS: We sit down with you to discuss your precise requirements and tailor our extensive portfolio to suit your business goals. GRSee Consulting is committed to providing professional, timely, and efficient service throughout the entire information security lifecycle.

READY TO TALK? Reach out to me here, or contact me at ben@grsee.com