SANS Institute presented its August 2020 breach as a teachable moment. This act of transparency is very refreshing and helpful! It also contrasts with how most breaches have been handled in the past. SANS shared the details of the phishing attack and the corresponding IOCs. The application-based consent phishing attack that was carried out in this case was published on Microsoft’s blog. That article details steps to combat consent phishing attacks, which is very handy in the remote-workforce culture we operate in today.
This incident highlights the following three aspects of incident response and crisis management for any organization:
- Resiliency is critical
- Transparency and communication are paramount
- Learning and sharing are transformational

We all know that there is no such thing as 100% risk mitigation, and no organization is invincible. Factors such as the size, sector, or location of an organization do not matter when it comes to succumbing to a cyber-attack. It doesn’t matter if the organization itself evangelizes and advocates for cybersecurity, as in this case, with SANS being the provider of renowned cybersecurity training and certifications. When breached, the key is to make sure your resiliency strategy and plan (assuming it is a robust one!) is executed efficiently. The last step in the incident response process is “lessons learned”, which is also critical because it lets us incorporate those lessons into incident response planning and be better prepared when the next incident happens. This last step is what SANS orchestrated artfully, and it deserves applause.
SANS’ approach exemplifies how organizations should respond to a breach. Among the benefits of this approach are the opportunity to adjust the crisis management plan, improve incident response processes, increase awareness and education of internal users, and share and consume such information.