cool. All right. Uh, you are a cyst. So for an insurance company
and you were recently notified of a potential breach within the company.
Your manager's contacted you, and you're unsure if it it is a breach or an anomaly. Knowing how breaches are viewed in today's world and not knowing if it is truly a breach. Do you inform the board or wait, If you wait, it could be seen that you were trying to withhold the information about the breach,
but it it could be, uh, But if you tell them and it is not a breach, they may lose trust in you.
S 01 thing I would have to think through is how
I would say how how technically aware is are the board members right? You know, we see a lot of you go in a lot of boardrooms and they have no clue on technology. It also would they be understanding to some extent, if
I say or if I if I wait right to disclose it and then I say Okay, yes, it we've confirmed it's a breach. I would also think through what are the company's policies for incident response.
How do we determine it's a breach? Why am I being? One question I would ask is why this is a level. Am I being told about this when we haven't fully confirmed anything yet? We just say, Hey, there's an anomaly. May be in the logs or something.
I think it's good to sort of tell me, but I need to get some some kind of evidence. So when I go before the board, I can say, Look, we found these things. This indicator compromises from this delicious I P address that has been seen in five other breaches at the's Relatable companies and write history because I can't just go into the boardroom and say,
Yeah, we have a breach or no, we don't without some kind of evidence And so that would be the first thing that I would start looking for is some kind of evidence to either substantiate? Yes, it is a breach or No, it's probably not. It's probably just something else.
Yeah, totally. Um, I mean, so lot of boards don't understand
cyber that well, right? Like right. Let's also assume that the board is Standard Insurance Company Board that doesn't really understand cyber that well, it doesn't largely need to because they need to understand the entire industry, right of how insurance makes money, right? That's their main responsibility.
So jumping all the way to the board of directors before you go to the C e o. I think I wouldn't do that, right? Like at all right, Right off the back.
The second thing is, you gotta move with speed,
like, at some point, you have to make a call
like you have to start investing in this, But you need to know fast. Rightly, because there could be is major implications here, right? Particularly with insurance information on DSO. I think you know, when you when you start investigating like
you have to work the extra hours to actually get this done. Um And so
you really wantto make sure that this is true. Um,
yeah. I mean, I think that's all you really can do at that, given the scenario, right? Like, because I think ultimately, you don't wantto alarm people or scare them,
right? But it's same time you,
um, need toe need to make sure that you do your due diligence and make, you know, make decisions from there. So I think it's just wait, do your homework ready to do a lot of homework, Determine if it's a breech. Don't notify anyone until you have confirmed it. You shown the evidence all that stuff, Ray, and just move really fast.