[BreachExchange] Your Biggest Cybersecurity Threat is Poor Communication

Destry Winant destry at riskbasedsecurity.com
Fri Aug 31 04:13:48 EDT 2018


https://securitytoday.com/articles/2018/08/27/your-biggest-cybersecurity-threat-is-poor-communication.aspx

When it comes to cybersecurity, it’s all too easy to focus only on
prevention.  Don’t get me wrong, securing critical systems and data is
one of the top priorities for any Chief Security Officer (CSO) or
Chief Information Security Officer (CISO). That means deploying
everything from firewalls to intrusion detection systems to endpoint
security – and monitoring it continuously and effectively.

But the hard truth of conventional IT security is that enterprises
play defense while hackers are playing offense. To win, the hackers
only need to get an attack right once, while corporate security
strategies must hold at all times. With technology like
automated botnets that can launch thousands of attacks a second – not
to mention users who click on malware-laden emails – the odds are
that an attack will get through at some point.


Lost in the various technology discussions surrounding cybersecurity
is the importance of effective internal communications before, during
and after an attack. An organization’s ability to quickly muster
countermeasures when it is targeted by a cyberattack could be the
difference between a data breach that costs millions and a slight blip
in operations.

All Hands on Deck

Creating a culture of security helps prevent breaches and requires
input from a variety of departments including IT, HR, marketing,
facilities, and anyone else regularly involved in managing critical
systems. So that everyone knows what to do in the event of a breach,
CSOs and CISOs need to give every job function a clearly defined role
based on its skills, location and availability. A simple call sheet is
not sufficient.

Preparation is a Must

All the technology in the world won’t prevent an attack if employees
are not fully trained in security awareness. Workers are an
organization’s first line of defense, so it is the security team’s
responsibility to train them and publish best practices around spear
phishing (fraudulent emails aimed at specific users in order to
launch an attack) so employees know how to recognize suspicious
emails, links and attachments. Those split-second decisions to
quarantine or open an email can expose critical systems to attack no
matter what security technology you’ve deployed. Cybercriminals are
always refining their phishing techniques to trick users, so
enterprises must commit to continuous education that keeps workers up
to date on the latest lures. While it isn’t a complete cure, keeping
users from making damaging mistakes is a big win.

CISOs need buy-in from the C-suite: management must understand the
risks to the business and the importance of a proactive strategy, and
must back education programs not just with funding but by personally
setting an example of safe computing.

Response Team, Assemble!

Trust is a vital part of how customers and business partners view
your business, which is why data breaches are particularly damaging
to a company’s brand.


A coordinated, effective response can make the difference between a
breach being a minor speed bump or a major hit to your brand or market
value. For example, failing to give all employees prompt, specific
instructions (such as not connecting their laptops to the corporate
network until they have been checked) can drastically increase the
damage from an attack, because criminals can compromise IT equipment
rapidly as employees connect already-infected laptops to the company
network.

Organizations may also need to establish alternate communications
platforms, disconnected from the company’s infrastructure, for use
during an attack if their regular telecommunications network and email
systems are compromised (an intruder with access to the mail system
can otherwise read the response as it is being coordinated). While
quick and targeted communications with the relevant IT experts will be
key, don’t forget you may also need frequent updates with management,
legal, marketing, key stakeholders and partners in order to comply
with regulations governing data privacy and security reporting.

Organizations that handle communications well after a breach
typically suffer only small fluctuations in stock price and customer
confidence. Those that can’t get the message out, or bungle the
message, suffer longer-term effects.

Post-Attack Analysis

A successful post-attack communications plan provides an honest
account of what went wrong, what went right and how processes can be
improved to avoid a recurrence. Now is not the time to pull any
punches. If a particular technology – or member of the team – didn’t
perform up to expectations, new measures must be put in place to
improve the outcome.

Including an in-depth post-mortem in the enterprise cybersecurity
strategy is vital, because it is very difficult to think critically in
the middle of a crisis. Having a time-tested response plan in place,
and a communications system to alert all the players, gives businesses
a vital head start when the next cyberattack occurs.

You can’t control how hackers will try to defeat your technology and
fool your users, but you can tilt the playing field in your favor
with fast, effective, coordinated communications plans.


More information about the BreachExchange mailing list