
Cyber companies need a best-practice approach to major incidents.

Cyber security companies have recently made headlines around the world with a series of serious incidents that caused widespread disruption. The CrowdStrike incident is estimated to have cost Fortune 500 companies up to $5.4 billion, according to Parametrix analysis. The Okta data breach and Ivanti Virtual Private Network (VPN) vulnerabilities raise similar concerns about the impact cybersecurity incidents can have on a global scale.

Cybersecurity professionals and organizations are under significant pressure due to a rapidly evolving threat landscape, increasing threats from state-sponsored actors, the offensive role that AI can play in cyberattacks, and the increasing availability of cyber exploit kits. Part of the challenge is that day-to-day detection and response to cyberattacks doesn't grab the headlines, but still contributes significantly to the performance and resilience of customers and the global economy.

To overcome these challenges, cybersecurity companies need a best-practice approach to major incidents.

Hire PR specialists to protect your reputation and maintain trust

Public relations organizations specialize in managing communications with the media, stakeholders and the public during a crisis. They can work closely with cyber incident management experts to develop a crisis communications plan that prepares the cyber security organization for a wide range of eventualities. Managing communications across a variety of channels further complicates the situation, as social media and other digital channels often carry speculative views or even misinformation about the causes of an incident. Establishing a dedicated communication channel ensures that a trusted source of information is available during the crisis. The speed and accuracy of communication during the incident are critical to maintaining trust and protecting the organization's reputation.

As a proactive measure, PR specialists can highlight the positive contributions of the cyber security organization and show the number of attacks prevented and mitigated. More broadly, as a profession, we need to communicate the positive benefits that cyber professionals and cyber tools bring to the global economy. Relying on complex cybersecurity terminology and acronyms can confuse messaging. There is a need to provide tailored messages to diverse audiences such as the general public, senior executives, trade press and news media.

Develop business models that incorporate insurance and compensation

The increasing complexity of cyber defenses means that incidents can occur due to human error, the discovery of new software vulnerabilities, or a variety of other factors. Cybersecurity organizations need to think about business models that give customers peace of mind that there will be compensation in the worst-case scenario. Cyber insurance can cover the costs of business interruption, forensic investigations, and the cost of notifying parties affected by a data breach. Offering cyber insurance gives customers the opportunity to purchase additional services beyond the standard product.

Alternative models could include service credits or free usage periods to offset losses. However, these are unlikely to provide sufficient compensation for a failure with significant impact. Inappropriate compensation can lead to further brand and reputational damage.

Innovative defense lines

The cause of many cyber incidents is human error. According to the World Economic Forum, “95% of cybersecurity problems are due to human error, and insider threats (intentional or accidental) account for 43% of all breaches.” High-risk tasks and changes to cybersecurity systems are often subject to some type of four-eyes control or secondary assessment to mitigate the risk of human error.

Rapid developments in AI technology mean that agents can be developed to detect potential human errors, verify compliance with company policies, and flag errors during configuration changes to software or cloud platforms.

Digital twins play a role in modeling the potential impact of cyber incidents. While a risk assessment can often highlight the immediate impact, the complex web of interdependencies and cascading risks requires more sophisticated tools to model the potential impact on customers and entire sectors. Using data from past attacks and outages adds even more realism to modeling. This strategy becomes even more important when a cybersecurity organization gains market dominance.

The modeling is likely to increase the need for further mitigation measures, such as staggered deployments of software, sandbox environments for pre-production testing, and partitioning and segmentation of networks, users and systems to avoid widespread global impact.

Cybersecurity organizations must take the lead in conducting incident response exercises with major customers in specific industries. A collaborative approach to implementing crisis and incident management plans will uncover gaps and identify opportunities to improve response speed.

By prioritizing crisis management best practices in a hyper-connected world, cybersecurity organizations can minimize reputational damage from incidents and maintain trust in their solutions. Without this approach, any positive benefits that cybersecurity organizations bring to the global economy risk being lost in a flood of negative headlines.

Andy Bridden and Ashley Barker are cybersecurity experts at PA Consulting.