“Proper preparation and planning prevents poor performance” is a famous adage that the British Army has used for centuries. The phrase highlights the importance of a well-structured plan – it ensures that teams stay on track, budgets are managed efficiently, and objectives are achieved.
Whilst most enterprises are not combatting tanks or missiles like the military, they are facing constant threats in the form of cyberattacks. Ensuring that employees are well-prepared for whatever challenges arise is crucial.
Being prepared for a cyberattack requires strong cyber crisis management underpinned by individuals with the right skills, which enables effective decision-making, steadfast leadership, and the learning of lessons. Readiness can be the difference between a well-handled, minor cyber incident and a major crisis.
Senior Director Operational Resilience at Immersive.
The lessons of past global incidents
“Proper preparation and planning prevents poor performance” also has a joking meaning in the British military. Military leaders have used the line when something has gone wrong, but it can still be used to teach a valuable lesson.
In cybersecurity, there is so much focus on the next threat that it can be easy to overlook past incidents. While the tactics and techniques employed by cybercriminals have rapidly changed over the years, having an effective crisis management plan has always been critical.
For example, when it was first discovered in December 2021, around one in three applications using the vulnerable version of Log4Shell were susceptible to remote code execution, marking one of the most extensive cyber threats to date.
Despite the scale of the vulnerability, it was relatively easy to address on an individual level by simply updating to a secure version. The Log4j incident highlighted the critical need for proactive vulnerability management and a robust incident response strategy.
Businesses that lagged on security trends or had ineffective patching processes remained exposed for much longer, with many continuing to use vulnerable versions even years later.
Almost two years later, the MOVEit vulnerability, a zero-day vulnerability that affected more than 2,600 organizations and nearly 90 million individuals, again highlighted the importance of organizations being prepared, but in a different way.
As a zero-day, there was little that could be done to proactively reduce risk. However, clear, transparent, and timely communication with stakeholders was crucial in managing expectations and maintaining trust throughout the incident.
Whilst the two incidents required very different responses from organizations, both carry the lesson of the importance of preparedness.
How to make the right decision during a crisis
In a crisis, leaders face intense pressure, where every decision is significant. Success depends on a clear decision-making framework that balances urgent needs with long-term objectives. So, what does an effective framework look like?
A strong starting point during any crisis is being able to gather all accurate and relevant information. By understanding the full scope of the crisis and its potential impacts, leaders can prioritize actions and allocate resources effectively.
It’s critical in any crisis management framework that leaders establish credible sources that allow them to determine the extent of the crisis and make effective decisions. These sources must be rigorously cross-checked to avoid the spread of unverified information, which will only spread panic and distrust during a crisis.
In addition to having the correct information, leaders should go into cyber crises knowing what their key priorities and strategic focuses are. For example, how do you keep people safe, and which systems are essential for maintaining services?
Actions must align with the organization’s mission and values, ensuring responses are both effective and true to core principles. Effective crisis management demands prioritizing resources and making informed trade-offs to minimize the impact of an attack.
Considering such priorities before an incident will also reveal the ethical implications of each choice. This includes the impact of decisions on customers, employees, and business relationships. By considering such implications, leaders can then make decisions that support sustainable recovery.
What to do in the middle of a crisis
As mentioned before, preparation is key to making the right decisions. However, during a crisis, there are a number of points leaders need to follow.
First and foremost, clear and transparent communication is absolutely essential. Stakeholders need to be provided with regular updates so they can manage expectations. It’s critical that any statement provides truthful information about the situation, including any associated risks and uncertainties.
A company might handle the technical aspects of a cyber incident very well, but if they don’t manage communications effectively or address the business impact, it could lead to negative media coverage and customer backlash—the court of public opinion, as I like to call it.
For example, CrowdStrike was both applauded and criticized in the court of public opinion, despite resolving the issue fairly quickly.
On the other hand, Atmos recently showcased the importance of regular communication. Through regular statements, they were able to hit back at ransomware attack claims and then later that week confirm the claims of compromise were unfounded.
By immediately addressing the rumors of a potential breach, they prevented panic from spreading among customers and partners, and fostered a reputation of transparency and credibility.
During a crisis, it’s also critical that leaders remain flexible and adaptable to changes. Cyber incidents are constantly changing, and new information is coming to the forefront. For example, initially, a breach might just be the encryption of systems, but days later it can quickly unfold that customer data has been exfiltrated.
Leaders must learn from ongoing events and adjust their approaches based on real-time feedback and evolving circumstances. By incorporating feedback from stakeholders and team members, leaders can refine strategies and improve crisis management.
Practice makes perfect
It’s easy for organizations to complete their cyber crisis plans and leave them on the shelf until needed. However, preparation doesn’t mean just creating plans but regularly testing and refining them.
An effective crisis management framework should include well-defined roles, responsibilities, and communication protocols. Regular drills and simulations are essential to test and refine the plan, ensuring teams are prepared for real emergencies.
Ongoing training is crucial to reinforce the crisis management framework, instilling confidence and ensuring familiarity with assigned roles. Comprehensive crisis simulations, including cyber drills, should emulate real-life scenarios to enhance preparedness and situational awareness.
Following a cyber incident, it is vital to update the response framework. After the immediate crisis is resolved, a thorough review must be conducted to assess the effectiveness of the response and identify areas for improvement.
Debriefing sessions enable leaders to analyze successes and pinpoint gaps in the response process. Documenting lessons learned and updating protocols based on this analysis ensures the organization is better equipped to manage future incidents. Maintaining a culture of continuous improvement is key to sustaining a robust state of crisis readiness.
Ultimately, the rate and impact of cyberattacks are not going to slow down anytime soon. However, being prepared for such incidents can stop an attack from becoming a full-blown crisis. Preparation is key to stopping cyberattacks, and at the heart of preparation is a proactive and regularly tested crisis management plan.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro