Recovering and rebuilding trust after a cyberattack [Q&A]


However good your defenses, cyberattacks can still happen. In many cases, the aftermath can be worse than the attack itself, as enterprises struggle to calm nerves and reassure staff, customers, and shareholders.
We spoke with Daniel Tobok, CEO of incident response specialist CYPFER, to discuss how organizations can recover from a cyberattack and why the leadership's response is vital.
BN: What are the first steps an organization should take to develop a robust post-breach plan, especially if they currently have little to no formal strategy?
DT: A proper breach response plan involves understanding both the location of the business's critical data and who will fill which role in the plan.
You can't assume your IT department has a recovery plan. Their area of expertise might be limited to email or networking issues. Your legal department, while successful in mitigating issues such as trademark disputes or drafting a good contract, might not be equipped to handle a security breach. Your PR team might get you good headlines, but what's their crisis communications strategy when a cyberattack occurs? Hopefully, you never need this, but it's essential to document everything.
The next phase involves understanding what the business must recover in terms of assets to maintain its critical operations. Timing is everything, and it is by seconds and minutes, not hours or days. Have a backup strategy in place and assume the worst-case scenario. For example, how do you reclaim the data? Is negotiation with threat actors possible? Do you let it go and try to recreate the data?
BN: How critical is it to ‘budget for disaster’ and what should this include?
DT: 99 percent of organizations can't scientifically quantify their disaster budget. There is a way cybersecurity professionals measure this, however, using mathematical calculations relative to the client’s infrastructure. Business leaders should know that cybersecurity experts can address a critical budget for disaster and should request this budgeting as a first step when working with one.
Secondly, Cyber Insurance policies help businesses respond in these instances, allowing them to begin their recovery plan.
BN: When an attack is actively unfolding, what are the critical priorities for leadership?
DT: The priorities are as follows:
- Understand what happened
- Stop the bleeding
- Assess the damage
- Execute the recovery plan
BN: How important is maintaining transparent communication during and after a breach, especially concerning sensitive information?
DT: Should you be transparent? Absolutely, but you should consider when and how to disclose the information to the public or anyone who does not have a need-to-know basis. However you do it, you need to get legal advice before publishing any of the breach.
BN: What are the long-term psychological impacts on an organization's leadership and workforce after a major cyberattack, and how can those be effectively addressed?
DT: The impacts have to do with the damage that occurred. We have seen companies lose $250 million in value due to reputation damage following a data breach. There’s a lot of psychological PTSD after that. The plan is the only way; you are still not immune, but at least you’re prepared.
I can’t stress enough cyber awareness education, having assigned roles, a cyberattack response plan, simply having the plan when the shit hits the fan. It always happens at an inconvenient time -- the CEO is on vacation, the CFO may already be in a budget crisis, the IT team is at a conference -- but everyone’s future with the company is at stake. It’s how you plan for it and execute on the recovery that will make all the difference in a breach.