Cyber businesses need a best practice approach to major incidents.

Cybersecurity companies have recently made global headlines with a series of significant incidents that have caused widespread disruption. The CrowdStrike incident is estimated to have cost Fortune 500 companies up to $5.4 billion, according to Parametrix analysis. The Okta data breach and Ivanti Virtual Private Network (VPN) vulnerabilities raise similar concerns about the impact cybersecurity incidents can have on a global scale.

Cybersecurity professionals and organizations are under significant pressure due to a rapidly evolving threat landscape, growing threats from state-sponsored actors, the offensive role that AI can play in cyberattacks and the increased availability of cyber exploit kits. Part of the challenge is that the daily detection and prevention of cyberattacks does not make headlines, but contributes significantly to the performance and resilience of customers and the global economy.

To meet these challenges, cybersecurity companies need a best-practice approach to major incidents.

Hire public relations specialists to protect reputation and maintain trust

Public relations organizations specialize in managing communications with the media, stakeholders and the public during a crisis. They are well placed to develop a crisis communications plan, working closely with cyber incident management experts, to ensure the cybersecurity organization is prepared for various eventualities. Managing communications across a wide range of channels further complicates the situation, with social media and other digital channels often expressing speculative opinions or even misinformation about the causes of an incident. Setting up a dedicated communication channel ensures that a reliable source of information is available during the crisis. Speed and accuracy of communications during an incident are essential to maintaining trust and helping to protect organizations’ reputations.

As a proactive measure, public relations specialists can highlight the positive contributions made by the cybersecurity organization, demonstrating the number of attacks prevented and mitigated. More broadly, as a profession, we need to raise awareness of the positive benefits that cyber professionals and cyber tools bring to the global economy. Using complex cybersecurity terminology and acronyms can confuse messages. It is necessary to provide messages tailored to different audiences such as the general public, senior executives, trade press and news media.

Develop business models to include insurance and compensation

The increasing complexity of cyber defenses means that incidents will occur, whether due to human error, the discovery of new vulnerabilities in software, or a multitude of other factors. Cybersecurity organizations need to consider business models that give their customers confidence that if the worst happens, there will be some form of compensation. Cyber insurance can cover business interruption costs, forensic investigations, and the costs of notifying affected parties of a data breach. Offering cyber insurance gives customers the opportunity to purchase additional services beyond the standard product.

Alternative models could include service credits or free usage periods to compensate for losses. However, these measures are unlikely to provide sufficient compensation in the event of a high-impact outage. Inappropriate compensation levels can result in further brand and reputation damage.

Innovative lines of defense

Many cyber incidents are caused by human error. According to the World Economic Forum, “95% of cybersecurity problems are attributable to human error, and insider threats (intentional or accidental) account for 43% of all breaches.” High-risk tasks and changes to cybersecurity systems are often subject to some form of double-checking or secondary-level assessment to help mitigate the risk of human error.

Rapid developments in AI technology mean that agents can be developed to identify potential human errors, verify compliance with organizational policies, and report errors in configuration changes made to software or cloud platforms.

Digital twins play a role in modeling the potential impacts of cyber incidents. While a risk assessment can often highlight immediate impacts, the complex web of dependencies and cascade of risks require more sophisticated tools to model the potential impact on customers and entire industries. Using data from past attacks and outages brings more realism to the modeling. This strategy becomes even more essential when a cybersecurity organization is dominant in the market.

Modeling is likely to call for additional mitigation measures, such as staged software deployments, sandbox environments for pre-production testing, and partitioning and segmentation of networks, users and systems to avoid large-scale global impacts.

Cybersecurity organizations need to take the lead in conducting incident response exercises with major customers in specific industry sectors. A collaborative approach to implementing crisis and incident management plans will expose gaps and highlight opportunities to improve the speed of response.

By prioritizing crisis management best practices in a hyper-connected world, cybersecurity organizations can minimize reputational damage caused by incidents and maintain trust in their solutions. Without this approach, there is a risk that any positive benefits that cybersecurity organizations bring to the global economy will be lost in a flood of negative headlines.

Andy Bridden and Ashley Barker are cybersecurity experts at PA Consulting.