Publish date:

IBM VP of Threat Intelligence on The Steps to Take After a Cyber Attack

Unclear on what to do after a cyber attack?

IBM released earnings Tuesday, Oct. 16. The company announced mixed earnings, which caused the stock to drop around 6% in trading on Wednesday, Oct. 17.

Caleb Barlow, the vice president of Threat Intelligence at IBM (IBM) - Get International Business Machines (IBM) Report , spoke to TheStreet about the importance of cyber security. He listed three steps for any company's head of security.

IBM released the Command Cyber Tactical Operations Center, which is a mobile cyber security training center. 

After cyber security incidents such as the Facebook data leak or the Equifax breach, it's even important for companies to protect user data as cyber attacks become more and more common.

In an interview in July, the CEO of Tenable--a cyber security company--told TheStreet that "cyber security is one of the foundational issues of our time." 

Here are Barlow's three steps to take after a cyber security breach.

TheStreet Recommends

The Duty to Convene

The first step is "the duty to convene."

"After a cyber security incident, everything else doesn't matter," Barlow said. 

The team should be convened immediately to discuss the issue. 

"You need information," he said.

The Duty to Respond

After a cyber security incident, it's up to the various departments--think human resources, etc.--to respond to the threat. 

Barlow likened this to calling 911 and having the fire department respond.

The Duty to Act

The third and final step is the duty to act, according to Barlow.

"Now you need to go through...the data you have available," he said. "You never have enough data available."

This is the step where a company would make the decisions based on the information that it has from a cyber security breach.