I've been asked often to help developed and run table top practice for a Cyber Breach response plan - Does your Enterprise have One?
The point made in the above Ted talk is that the way advanced peristent threats (APTs) had evolved and Dark Web 'trading' activities are progressing is that it is not a question of "If your defences and best practices are going to get breached?", but "When ? " . In addition it worth highlighting that Federal Gonvernment set their bar very high - as Gen Hayden highlights in his book " Palying to the Edge ". NIST had developed quite detailed guidelines that we all must follow, yet : Do you have PR and Crisis Management Plan in Place that details steps that your enterprise will have to take when the breach is discovered? Did You develop thi Plan well in advance , practiced it often with third party supervised Table Top Excersises?
Do NOT let your enterprise follow the path of Equifax and Yahoo !