[BreachExchange] Communication Means Everything In Times Of Cyber Crisis
Inga Goddijn
inga at riskbasedsecurity.com
Fri Nov 23 15:07:18 EST 2018
https://www.noobpreneur.com/2018/11/23/communication-means-everything-in-times-of-cyber-crisis/
Up to $1.1 million is lost to cybercrime every minute, according to Threat
Post
<https://threatpost.com/threatlist-1-1m-is-lost-to-cybercrime-every-minute-of-every-day/136871/>.
While a good part of this cost comes from the damage that cybercriminals
inflict on an organization, some of it comes in the form of reputation
damage. In the wake of a cyber-attack, most IT professionals might find it
easier to keep the information about the attack a secret while they try to
fix the situation.
Sadly, this might result in more losses than the attack itself would cost.
In case shareholders and other corporate citizens hear about the breach
from other sources other than official communication from the compromized
party, chances are that they will lose trust in you. Furthermore, effective
communication internally will ensure that you can remedy the situation in
good time before too much damage occurs.
Effective Communication Starts With A Good Plan
Is your firm threat-ready? Communication cannot be effective enough if it’s
not based on the foundation of clear security guidelines. To be optimally
threat-ready, you need to have an incident response plan in place.
Additionally, your internal team ought to know the plan by heart which
makes testing the plan often worthwhile.
For instance, if you have a security tool such as a *log analyzer
<https://papertrailapp.com/log-analyzer>* in place, your IT team needs to
be trained how to most effectively interpret information from those tools.
They also need to know who is supposed to do what during a crisis, to avoid
nightmarish chaos. As such, communication starts long before the crisis,
through training staff members and testing your security solutions.
Trust Means Everything
Businesses are all founded on trust with your customers entrusting you with
their personal information. In the wrong hands, such information could be
an easy way for criminals to commit identity theft. During the wake of a
crisis, customers will typically wonder if their privacy is compromised,
and whether this will mean the end of your business. Having your PR team
address these fears carefully will help calm the customers, as well as
solidify the trust they have in you. For instance, in *the Equifax data
breach
<https://blog.trendmicro.com/equifax-breach-example-good-communications/>*,
the fact that the company communicated with the customers’ whose data had
been compromised cleared the air quickly.
Effective Communication Boosts Remediation
While external communication will work to calm down stakeholders, internal
communication will help in remediation of the situation. Employees need to
communicate with each other now more than ever, and collaborate in
eliminating the threat. For instance, there needs to be a protocol in place
to alert your IT staff of a breach when it occurs. In case the threat has
compromised some of your key communication channels, it only makes sense to
use alternative channels. This will ensure that the enemy cannot eavesdrop
into your remediation plan and use it against you.
You Need To Communicate With Third-Party Security Agents
If the situation is really bad, it makes sense to get in touch with
third-party security agents. For them to be effective enough in their job,
you will need to understand the situation you are in down to a “T”. The
quicker you can establish a containment plan, the easier it will be to
mitigate the damages that the situation exposes your organization to. To
excel at this, it is best to have already set up *effective collaboration
channels
<https://www.forbes.com/sites/rogertrapp/2018/07/25/collaboration-is-the-way-to-beat-the-cyber-attackers/#344070811823>*
with third-party agencies such as detectives and security companies.
Conclusion
Every second counts in the wake of a cybersecurity breach. Effective
communication will ensure that you keep customers happy, as well as
champion your remediation program. Evaluate your communication
infrastructure regularly to avoid being caught off guard during a
cyber-attack.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20181123/22d59f0f/attachment.html>
More information about the BreachExchange
mailing list