Cyber crime is rewriting the crisis management rule book as data breaches get ever more damaging and costly for the enterprises that suffer them.
High profile web sites such as Ashley Madison and household name companies like Carphone Warehouse are just two of the most recent public data breaches that have circulated the media recently and they won’t be the last. Apart from the immeasurable disruption such breaches can cause customers, they also provide not only short term, but also long term harm to the brands reputation and bottom line.
More often than not, companies are taking far too long to detect a data breach and to clean up the mess.
In the worst cases, the breach is not discovered at all during the data theft process, even if the data is being put to criminal or unethical use right under an organisation’s nose.
As data breaches are becoming more publicised and damaging to valuable and hard-built reputations, board of directors are taking the threat far more seriously and hold IT far more accountable if they fail to spot, contain or otherwise act against an intrusion or malware outbreak inside the organisation. Current crisis management techniques are outdated, formulaic and constrained when compared to the crisis they are trying to contain and resolve.
Security systems are just not dynamic or multi-faceted enough to deal with the nature of today’s ubiquitous cybercrimes.
Cyber crisis management should not be considered simply as a combination of crisis management, emergency and terrorist responses. There needs to be both internal and external cooperation and communication in play and an environment where enterprise risk management, business continuity, emergency response, reputation management, and corporate governance are balanced.
Content from our partners
What to do when a data breach or crisis hits?
Whether you are a giant multinational corporation, a small business, sole trader, or end user, you can help to stop breaches and clean up the damage. First, the most pressing problem is discovering the breach. Recent research from the Poneman Institute revealed it takes an average of 256 days to find out that an organisation suffered a breach.
Meanwhile, credit card numbers may have been exposed, competitors may have an organisation’s confidential plans and intellectual property, while personal information may be used for identity theft and other financial fraud. Intrusion detection, firewall logs and solutions like an event log manager can all help to identify suspicious activity earlier.
If you have logs, you really must read them to see if anything is askew. Also, if you are a client-facing organisation, make sure you empower your customers to contact you if they see anything suspicious happening with their account.
Second, realise that many breaches come from inside the organisation, so treat employees – including your IT staff – just as you would do an outsider. It is not a sign of distrust or disrespect, but rather an essential step to demonstrate reasonable care for the data your organisation holds. Keep privileges to a minimum and set controls on what data can leave the premises. Privileges are a huge issue – too many users and even outsiders have admin rights and broad access to data and systems.
Third, it’s time to have a solid data backup plan. Not long ago, we learnt about a company that went out of business because of a ransomware infection. Code Spaces, a seven-year-old SaaS provider was forced out of business when its Amazon Web Services’ control panel was breached. The attacker locked the company out and demanded a ransom to give back control.
When the company didn’t accede to the request, the attacker started deleting data until Code Spaces was left with nothing. It’s a heart-breaking story, but it also highlights the importance of multi-location backups and not banking everything on a single point that can fail.
Once a data breach has been detected and patched, the fourth point should be to communicate. If your company suffers a data breach, customers will have questions and concerns which need to be addressed. That is why it is so important that they are notified as early as possible.
One way or another, they will find out – and they would rather it came from you, rather than from the media. How your customers get to know of the breach will contribute towards your company’s overall chances of weathering the storm.
Customers expect open communication, especially if their personal data is compromised. State what happened, when and how you are dealing with it and how it impacts them. Tell them what they can do in the meantime and what recourse they have to protect their interests.
The final step it to tell the world what happened. This is where the crisis management rules and the salvaging of brand reputation comes into play. Don’t rush! While we advocate swift and clear communication, if the breach is not under control and/or resolved, you could jeopardise your business even further by highlighting network vulnerabilities. Doing so makes the organisation prone to a repeat attack before you have properly addressed the breach.
