Filter By:
A CEO's Transparent Incident Response Communication
On May 11, Coinbase suffered a social engineering attack targeting their outsourced customer support department. Their SEC Material Cybersecurity Incident disclosure on May 15 revealed attackers obtained enough personal information to launch sucessful fake customer service attacks against Coinbase customers.
Read more
The VW Group Data Breach is a Business Problem, not an IT Failure.
In December 2024, the Chaos Computer Club revealed that VW Group’s software unit Cariad exposed 9.5TB of sensitive data affecting 800,000 VW, Seat, Audi, and Skoda owners. The breach included personal information and location histories that, despite Cariad’s claims otherwise, were easily tied by researchers to individual customers.
Read more
Is Your Incident Readiness Plan Ready?
Security incidents are inevitable if your organization relies on technology, people, and data. The key to minimizing their impact is having an up-to-date, well-practiced incident response plan. Here are five essential steps to ensure your organization is prepared when—not if—a security incident occurs.
Read more
Five Security Incident Readiness Steps to Take Now.
Security incidents are inevitable if your organization relies on technology, people, and data. The key to minimizing their impact is having an up-to-date, well-practiced incident response plan. Here are five essential steps to ensure your organization is prepared when—not if—a security incident occurs.
Read more
Measuring What Matters: Track Incident Response Performance and Prove ROI
Many organizations invest heavily in incident response (IR) capabilities, yet struggle to measure their effectiveness and return on investment (ROI). Without clear performance metrics, leadership lacks visibility into whether incident handling processes are improving over time or if teams are just repeating the same mistakes.
Read more
From Firefighting to Framework: Turning Incident Handling into a Strategic Advantage
If your business relies on technology, security incidents are inevitable. And all businesses rely on technology. That’s why a comprehensive, up-to-date incident readiness plan is essential. But incident response readiness isn’t something you can buy—it’s something you need to build, refine, and integrate into your organization’s culture.
Read more
Incident Preparedness: Less Expensive Than Incident Response
Security incidents are inevitable, but proactive preparation can significantly reduce their impact. The worst incidents— the ones that cause financial losses, brand damage, regulatory scrutiny, and prolonged recovery times— occur when organizations haven’t built and tested a comprehensive incident response plan. Investing in incident readiness before a crisis arises isn’t just a best practice— it’s a financial imperative.
Read more
What Is Risk Assessment, and Why Does It Matter?
Risk assessment is a critical tool for identifying vulnerabilities before they escalate into business disruptions, security incidents, or operational failures. At EPSD, we help organizations understand their cyber and operational risk landscape, equipping leadership with the insights needed to make informed security investments and improve overall resilience.
Read more
Not Semantics: Why It Matters That the CrowdStrike Outage Was a Security Incident
When a faulty update to CrowdStrike’s Falcon endpoint detection and response product rendered Windows systems worldwide inoperable, it created a headline-grabbing IT outage. Airlines, hospitals, emergency services, and businesses were all affected—unable to access critical systems without complex, manual recovery efforts.
Read more
The True Cost of Cybersecurity Incidents
Regardless of how it happens, when your customers can’t access your service, you can’t take payments, or you can’t pay suppliers, your business stops. Full stop.
Read more
Security Incidents Aren’t “IT Problems”
Security incidents impact every part of an organization, not just IT. Companies that respond effectively are the ones that anticipate risks, plan ahead, and coordinate across departments—not just those that rely on technical teams to “fix the problem.”
Read more
Succession Planning: A Surprisingly Common Business Risk
Fast-growing companies, particularly those in technology and high-stakes industries, often prioritize immediate operational needs over long-term planning. One critical area that frequently gets overlooked is succession planning—a business continuity essential that can create serious vulnerabilities if not properly addressed.
Read more
Tech Debt in Scale-Ups
When tech companies hit hypergrowth, they face the challenge of evolving their software systems from minimally viable products (MVPs) to enterprise-grade platforms. These transformations extend beyond software development to affect entire organizations.
Read more
Why Tech Debt Matters – And How to Pay It Off
When developers cut corners to ship products faster, they take on technical debt—a trade-off that can accelerate early growth but create long-term instability. Unlike financial debt, which can be strategic, tech debt compounds over time, leading to fragile systems, costly failures, and expensive remediation efforts.
Read more
How Much Tech Debt is Too Much?
Tech debt is inevitable in innovation. The question isn’t whether your organization has it—but rather how well it’s managed. Proactive leaders strategically take on tech debt when necessary and implement processes to track, assess, and address it before it becomes a bottleneck.
Read more
The Post-Mortem Dilemma: Why Companies Struggle to Learn from Incidents
Security incidents should be a catalyst for improvement, but too often, companies fail to extract meaningful lessons from them. Post-incident reviews are either rushed, incomplete, or focused on blame, leading to missed opportunities for resilience and long-term security improvements.
Read more