Description
According to a 2023 IBM report, companies take 197 days to identify a breach and 69 days to contain one on average. The delay between infection, detection, and containment can cost businesses millions of dollars. Only 45% of the companies polled had an incident response plan in place. In this episode, Markus Lassfolk, VP of Incident Response, Truesec, and Morten von Seelen, Vice President of the Truesec Group, who have extensive hands-on experience in dealing with major cyber attack incidents, shed light on this very important subject matter.
Time Stamps
00:02 -- Introduction
02:47 -- Markus Lassfolk professional highlights
04:28 -- Morten von Seelen professional highlights
06:17 -- What does incident response mean? Why is it important?
09:10 -- Extent of organizational preparedness
15:32 -- How should organizations prepare to help incident responders do their job better?
20:49 -- What are the different roles associated with major incident response engagements? How do you build a team to handle these engagements and how do you retain the talent?
25:18 -- What are some of the most common mistakes that you see customers making?
30:27 -- How effective are tabletop exercises?
36:00 -- How important are security drills?
37:21 -- How should organizations go about looking to identify real expertise in incident response?
39:25 -- What kind of help can small companies get who don't have the budget? What would be your advice to them?
42:58 -- When I was reviewing some industry reports, one survey finds that while only 45% of the companies polled had an incident response plan in place, 79% of the companies have insurance. So they're almost implying that many companies could be of the view that let's not worry about the incident response plan. If we have good insurance, we are covered. Can you dispel that myth?
46:35 -- What's exciting, what's interesting, what are some challenges, what kind of mindset and skills one needs to have to pursue a career in incident response?
51:23 -- Final thoughts
Memorable Markus Lassfolk Quotes/Statements
"If organizations get hit by ransomware, they are usually down for three weeks, 21 days, on average."
"From a preparedness standpoint, it helps if the customer has secure and safe backups that we can use."
"In most of the cases, customers are either totally unprepared, or they're not prepared in the right way."
"During an engagement, having the log files will help us get answers of what's been going on in the breached environment. When we don't have the log files, it's so much harder, then we have to start looking at other things which takes more time, which sometimes does not provide the answers, and then we have to start guessing."
"The best thing that the leadership team can do is to give the incident responders and the IT department the support and room to do their job and not expect to have status meetings every 30 minutes or every two hours because that does not give us time to work and actually produce stuff."
"We advise our customers to make sure that they identify the key personnel on their site and try to reduce the single points of failure in personnel as we call it, because in every incident, when we come in and start working, we start to see a pattern; there is one person who has the answers to everything and who everyone points to. And that person is the single point of failure."
"They (customers) start restarting or...