The following steps should be rapidly taken to address a cyber-attack:
- Establish Management Control
For organisations that have pre-defined Crisis Management Plans, this is the time to implement them. Often businesses take a ‘wait and see’ approach to activating these plans, fearing that they may be crying wolf. However, any time lost at the commencement of managing a crisis cannot be regained, and will immediately place the business on the back foot.
- Address the Technical Issues
Whether or not you understand the technical aspects of a cyber-attack, you cannot back away from building a strategy to address it. If your business is large enough to have in-house IT staff, call on them. From there, you need to determine if you will call in outside help. Many businesses specialise in providing cyber-attack support, in addition to the advice available to businesses from the Australian Government’s Cyber Emergency Response Team (CERT).
Regardless of the choice to in-source or seek out-sourced expertise, your next priorities are to confirm the validity of the data leak and identify and block the breach.
- Assess the Extent of Business Interruption
To build an appropriate response strategy, you need to understand what parts of the business have been affected. It is important to consult with operational teams to truly understand the impacts of system outages on productivity. Understanding the criticality of individual systems and developing workaround options will enable your business to continue to function whilst the technical aspects of the incident are resolved.
- Communicate Early and Often
Communicating all of this complex and continually evolving information to staff and customers is a difficult challenge. In a rapidly moving media environment, poorly managed or ineffective communication can allow a media firestorm to evolve, leaving the business with two major issues to manage – the cyber-attack and the media firestorm. As Symantec noted in their 2016 Internet Security Threat Report, “Transparency is critical to security”. Efforts to hide the extent of the hack, to shift blame or deny responsibility will only compound the difficult circumstances faced by the business.
Once you have confirmed the data leak is real, your response strategy needs to focus on minimising further harm to customers. This should be supported by your communications strategy. Although the situation will change rapidly, and at the outset the business may face many unknowns, it is important to lead the communication process rather than reacting to mounting customer anger. Honesty, and communications centred firmly in your organisation’s values, are the only path that will allow a business to survive a cyber-attack and salvage its reputation.
A Final Thought
A major hack will cause disruption to normal operations for weeks to months and will occupy a disproportionate amount of the executive team’s time. Strong leadership, regular communication and clearly articulated values provide the basis for an effective management strategy. With a clear understanding of the nature of the attack, its current and future potential impacts, an executive team can successfully lead a business through a cyber-attack.
This article is supplied by CGU Senior Specialist in Risk Consulting Lex Drennan, for APHA Major Sponsor Gow Gates