Cognitive Dissonance and Incident Response

“In psychology, cognitive dissonance is the mental stress or discomfort experienced by an individual who holds two or more contradictory beliefs, ideas, or values at the same time, or is confronted by new information that conflicts with existing beliefs, ideas, or values.”

Festinger, L. (1957). A Theory of Cognitive Dissonance. California: Stanford University Press.

For your consideration, what follows is the hypothetical discussion between a Pointy Haired Fearless Leader and a Security Analyst regarding the possibility of an organization’s large, web application having been breached. The Frankenapp in question was creatively duct-taped together around the same time that dinosaurs roamed the earth. All characters appearing in this work are fictitious. Any resemblance to real persons living or dead, is because truth is often much funnier than fiction.

SA: There’s a possibility our Super Amazing Custom Web Application has been breached.

PHFL: (Breathes into paper bag as starts to hyperventilate. In between breaths) How did this happen?!

SA: Same way it always does. A user was phished.

PHFL: But why didn’t our Extraordinarily Powerful Security Tools that cost $$$$$ stop this?!

SA: Because they don’t always work. Especially when they don’t have all the data necessary to identify malicious activity.

PHFL: But we paid $$$$$ because the vendor said it would stop APTs!

SA: This isn’t an APT.

PHFL: But we have Super Powerful Web Application Firewalls!

SA: They’re still in learning mode, because the web developers won’t work with us to identify false positives. And a WAF won’t detect phished credentials. We need multi-factor authentication to prevent this.

PHFL: But MFA annoys the users. What about the network firewalls?!

SA: Our firewalls wouldn’t have caught this and our web filtering system hasn’t worked for months.

PHFL: Do we know what accounts were compromised?

SA: We don’t have enough data. We don’t really have many application logs and the ones we do have aren’t being sent to the  SOC to be correlated.

PHFL: Why wasn’t I told about this tragic and desperately horrible situation?!

SA: I’ve been telling you every week since I took the job. I even hired someone to sky-write it twice. I’m also working on an off-Broadway musical called, We’re About to be Pwned Because Our Visibility Stinks and Our Security Tools Are Broken.

PHFL: Well, this is clearly your fault.

Dilbert On Incident Response

Tagged , , , , , ,

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: