Article written by InCyber News.

Today, the question is no longer IF an organisation will be affected by a cyberattack, nor WHEN it will happen, but HOW it will respond.

The growing number of cyberattacks, their varied impacts on organisations' activity and the increased use of teleworking have led private companies and public bodies to take the cyber problem seriously.

Today, the question is no longer WHETHER an organisation will be affected by a cyberattack, nor WHEN it will happen, but HOW it will respond, in other words, how its crisis management will be coordinated from the detection of the attack through to investigation, remediation and business recovery.

1/ Anticipating and preparing: assets in cyber crisis management

Cyber threats have evolved and given rise to attacks with increasingly visible and significant impacts. No longer limited to exerting pressure on the activities of victim organisations, cyber attackers also tend to leverage reputational factors, particularly through the personal and/or sensitive data processed by organisations. It is therefore common to observe in the news the quadruple punishment of companies that are victims of ransomware: encrypted information system, financial blackmail, personal data leakage and impact on the business.

When dealing with cyber crisis management: ‘The more regular the preparation, the more effective the response will be.’

Crisis management procedures are the first line of defence, with team awareness being the second – particularly through the introduction of best practices. It is then necessary to test this knowledge during crisis exercises and simulations in order to turn it into reflexes. These exercises are aimed at various decision-making and operational bodies (executive committees, legal teams, communications teams, IT teams) and are based on specific, concrete scenarios (ransomware attacks, cyber fraud, social media compromises, etc.) tailored to the context and needs of the company. The combination of theoretical and practical training will offer an optimised ability to react in degraded situations, thus saving precious minutes on the day.

Keeping the crisis system in operational condition requires updating it regularly in line with the evolution of cyber risks and of the organisation, together with the regular training and exercising of staff.

2/ Prepared communication is better than no communication at all

Faced with increasingly high-profile attacks that affect all levels of the organisation, strengthening your cyber crisis communication is essential. What public opinion and stakeholders no longer forgive is not falling victim to a cyberattack, but failing to manage it, failing in the operational response and hiding the reality of the situation. It is precisely this issue that cyber crisis communication must strive to address.

This is especially true in the case of ransomware, which encrypts and renders the IT system inoperable. At this stage, social media is an effective way to quickly reach a wide audience. When traditional communication channels are sometimes unusable and completely disconnected from the organisation’s IT system, social media is an effective alternative to the victim organisation’s messaging system or website.

Furthermore, ransomware attacks have transformed the media landscape of cyber crises by making them visible through their significant impact on business activity. The number of companies ‘forced’ to communicate has raised collective awareness of the scale of the cyber threat and the multitude and variety of targets involved. What’s more, with journalists now aware and trained on the subject, or even specialised in it, the journalistic approach is no longer limited to simply reporting the company’s statements: it has become a genuine investigation. While this allows for less one-sided media coverage of cyberattacks, it can pose a significant challenge for communications teams, whose work has become more complex.

Finally, in addition to external communication, regular and comprehensible information sharing between the various departments (CISO, IT, BCP, HR, etc.) within the organisation is also essential in order to keep them informed of the resumption of activity. With the aim of promoting exchanges between the various players within the organisation, training courses dedicated to each business team are available to enable them to identify the key information to be communicated to the business lines and how to do so, thereby facilitating overall communication.

Information systems security (PACS) support and consulting provider qualified by the ANSSI.
