CHAPTER 8 What Went Right?

Mistakes are a fact of life. It is the response to the error that counts.

–Nikki Giovanni

Bad news travels faster than good news. It is far easier to list everything a company has done wrong in a breach or an unexpected cyberattack. However, there is merit to studying what a company has done right. As we go through history and current affairs and the tales of the CISOs who have shared their stories with us, it's important to highlight the positives and identify important lessons from them. What did an American bank holding company do right? What can we learn from the aftermath of a hack on a renowned security vendor? What does the world's very first CISO have to say about today's times?

Most breaches are due to a variety of factors, from incorrect configuration to back door and application vulnerabilities, forgotten permissions, user errors, malware, insider threats, and the list goes on. In Capital One Financial Corporation's case, the firewalls were not properly configured, and their back door was left open – which is how the criminal got in, the same way she got into 30 other companies, as discovered by the FBI.

What was lost in translation in the frenzy of media coverage was Capital One's exceptional incident response. Many found the response of their then CISO, Michael Johnson, and his team impressive. First and foremost, they acted fast.

SWIFTNESS MATTERS

The Capital One cybersecurity team detected the incident within a few days. That's crucial, ...

Get Cyber Mayday and the Day After now with the O’Reilly learning platform.
