Responding to a security crisis can be a challenge for most cybersecurity teams. It can be doubly so for a team with relatively new and inexperienced security professionals.
Mistakes that security groups often make when responding to an incident can be amplified when individuals with little prior experience are suddenly called in to deal with an exploding crisis. Problems range from failing to understand the scope of a breach, not knowing how to escalate, and communications breakdowns to technical mistakes like not retaining logs, not making backups, and pulling the plug too soon on infected systems.