Effective crisis management requires preparation that focuses not only on detection and prevention of breaches, but also response and remediation.
High-profile data breaches that affect millions of people are hitting the headlines with increasing regularity, and CEOs of large corporations are being dragged in front of government committees to be grilled by lawmakers. Harsh questions like “How could your security be so lax?” and “Why didn’t you know what happened and why did you respond so slowly?” can be a nightmare for a CEO. Most companies focus IT resources on detection and prevention and don’t pay enough attention to response and remediation.
Understanding the timeline of a breach
Recent high-profile security breaches highlight a lack of preparedness among many organizations. A startling number of organizations are completely ill-equipped to handle a major security incident. This failure is particularly alarming when you consider that breach notification laws and regulations are becoming stricter around the world, with decreasing times allowed for reporting to government parties and the public.
During the lifecycle of a security breach, several critical events happen. The first event is the point when a breach occurs. The second is when data has been taken or destroyed. The third is when the breach is discovered (either by external or internal parties). And the fourth is when the breach is made public. When it comes to incident response, each of these points in the timeline is colloquially called a “boom” event. However, we’re assuming here that the boom event is the point when the breach hits the media and the company loses control of the story.
The left of boom
Although the news media often focuses on the event itself, breaches often span many months. The period before the breach is disclosed or discovered is termed the “left of boom.” During this time, cyber thieves are taking credentials, gaining deeper access, stealing data to be monetized, targeting key intellectual property, or preparing a destructive attack. Often the bad guys have infiltrated long before anyone realizes they’ve even accessed the systems.
Making better decisions during a boom event
During a boom event, an organization has the opportunity to respond well, fumble, or completely lose control of its response. When a security breach or cyberattack happens, executives need to drive an effective response. They must quickly instill confidence in their customers and other stakeholders that they’re doing everything possible to solve the problem.
For many people in the C-suite, this type of fast, intuitive response doesn’t come naturally. Although they might know what to do technically to manage a breach, they often aren’t prepared to cope with the human side of the equation. In a crisis situation, the C-suite is up against a human adversary, which typically isn’t something that they’re used to handling. Phones ringing with angry customer complaints or questions from reporters can catch them off-guard, often causing them to fall apart or do nothing. During a crisis, taking no action can be worse than taking some action, even if it’s not the right action in the long run.
Acting to the right of boom
The period to the right of boom involves not only mitigating the damage from an attack, but also managing the court of public opinion after customers and the media find out what happened. What happens to the right of boom can dictate the future of a company. During the crisis, executives need to display seasoned leadership, so it doesn’t look like the organization is trying to hide something. The ability to make decisions quickly is critical during and after a cyberattack or security breach. To handle an incident quickly, organizations need more than procedures. They also need to practice their responses so they become automatic.
Read the full report for more recommendations on managing security crises, including how to improve responses and the importance of simulations.