The massive cyber breach of Capital One, reported in late July, quickly brought a chorus of condemnation of the company from a wide circle of pundits, concerned customers, competitors and potential investors. Lost in the media fray was Capital One’s exceptional incident response.
The facts are impressive when compared to other cyber incidents. Capital One’s cybersecurity team detected the incident within days (as opposed to the industry average of over 100 days before detection.) Critically, the company alerted law enforcement, and collected and analyzed the logs and data that led to an unprecedented rapid identification and apprehension of the perpetrator by law enforcement personnel.
Senior leadership messaging to the public regarding the incident was quick, transparent, and sincere. YouTube watchers even got to “ride shotgun” with reporters as they accompanied law enforcement personnel to arrest the alleged hacker and secure the purloined data. Such streaming content of law enforcement arresting suspected cyber criminals in a timely manner bolsters confidence in law enforcement’s capabilities to thwart cyber criminals while providing an unprecedented deterrent in the age of cyber crime.
With nation-state actors, hackers, and other criminal organizations increasing in their boldness and cyber capabilities, corporate entities face significant cyber risk, and the odds of a cyber breach or reputation-damaging cyber incident are high. Boards and business leaders at all levels should recognize that their organization is a target and that they need to be prepared to respond fast and well in times of crisis. They should fine-tune their incident response procedures using lessons learned from the Capital One breach, implement measures to protect the weaknesses exposed in this attack, and practice what they should do if their enterprise encounters their own “really bad day.”
While boards and business leaders rightfully should pay attention to the circumstances leading to the breach itself, there are numerous lessons learned from this breach that organizations of all sizes should pay close attention to – and nearly all are positive.