Preparing to manage a cyber crisis and communicate

Preparing and communicating in the face of cyber crisis management

The multiplicity of cyberattacks, their protean impacts on the activity of structures and the increased use of teleworking have led to a real consideration of the cyber problem by private companies and public bodies.

Today, the question is no longer IF a structure will be affected by a cyberattack, or WHEN it will be, but HOW it responds, in other words its crisis management, will be articulated from the detection of the attack, to the investigation, remediation and recovery of activity.

1/ Anticipating and preparing: assets in cyber crisis management

Cyber threats have evolved and have given rise to attacks with increasingly visible and significant impacts. No longer limited to exerting pressure on the activity of victim structures, cyberattackers also tend to play on reputational levers, particularly via the personal and/or sensitive data processed by organizations.

It is therefore common to observe in the news the quadruple punishment of companies that are victims of ransomware: encrypted information system, financial blackmail, personal data leakage and impact on the business.

Faced with cyber crisis management: “the more regular the preparation, the more effective the response will be”.

Crisis management procedures are a first line of defence, and raising awareness among teams is a second – in particular through the introduction of good practices. It is then necessary to test this knowledge during exercises and crisis simulations in order to transform it into reflexes. These are aimed at various decision-making and operational bodies (executive committee, legal, communication, IT teams) and are based on precise and concrete scenarios (ransomware attacks, cyber fraud, compromise of social networks, etc.) in line with the context and needs of the company.

The combination of theoretical and practical training will offer an optimised ability to react in degraded situations, thus saving precious minutes on the day.

Maintaining the crisis system in operational condition requires it to be regularly updated according to the evolution of cyber risks, the organisation and the training and regular training of resources.

2/ Prepared communication is better than declared absence

Faced with increasingly high-profile attacks that affect all levels of the organization, strengthening your cyber crisis communication is essential. What public opinion and stakeholders no longer forgive is not being the victim of a cyberattack, but not knowing how to manage, failing in the operational response provided and hiding the reality of things. It is precisely this issue that cyber crisis communication must strive to address.

This is all the more true in the event of ransomware that makes the IS encrypted and inoperative. At this point, social media is an effective way to reach a large audience quickly. Faced with “classic” communication channels that are sometimes unusable, completely dissociated from the organization’s information system, social networks are an effective and relevant alternative to the messaging or website of the victim organization.

In addition, ransomware attacks have transformed the media landscape of cyber crises, which they have made visible, through their strong impact on the business. The number of companies “forced” to communicate has developed a collective awareness of the scale of the cyber threat, the multitude and variety of targets concerned.

In addition, when faced with journalists who are aware of and trained in the subject, or even specialized, the journalistic approach is no longer limited to a transcription of the company’s statements: it is a real investigation. While this allows for less one-sided media coverage of cyberattacks, the challenge can be significant for communication teams whose work is complex.

Finally, in addition to external communication, regular and understandable information sharing is also essential between the different functions (CISO, IT, BCP, HR, etc.) within the structures, in order to keep them informed of the resumption of activity. In order to promote exchanges between the various players in the structure, training courses dedicated to each business team are available to enable them to identify the key information to be transmitted to the business lines and how to do it, thus making overall communication more fluid.