
Managing a cybersecurity crisis

Prepare for the inevitable

While an organizational crisis can take countless forms in today’s business environment, one particular type of crisis appears to be both universal and increasingly prevalent: the cyber breach.

Cyber is seemingly everywhere, which means cyber risk now permeates every aspect of how we live and work. No longer merely a technology issue, it’s a strategic business risk that affects every facet of every organization. It is complex and ever-changing, and effective cyber risk management is key to giving organizations the confidence to progress and take full advantage of technological opportunities.

Regardless of your company’s size, industry, or sector, if you rely on the internet or digital tools to conduct business, you’re at risk of a cyber-related crisis event. According to the Canadian Internet Registration Authority (CIRA), even organizations that have invested in cybersecurity aren’t immune—in 2017, 19 percent of Canadian companies suffered ransomware attacks, while 32 percent were threatened by phishing tactics.

Fortunately, it is possible to successfully mitigate and minimize the damage of a cyber breach. Once you come to terms with the fact you’ll likely be breached at some point, you gain greater capacity to prepare for the inevitable, respond efficiently, and outline a recovery plan. Most importantly, when the key decision-makers in your organization understand that it’s not a matter of if a cyber event will happen but when it will happen, it allows for a significant shift in thinking.

New rules and higher expectations
The occurrence of cyber crises has increased and malicious tactics have evolved dramatically over the last few years. And with this rapidly changing landscape comes the expectation of complete transparency from stakeholders, onlookers, and oversight bodies. More rigid data protection and cybersecurity regulations are the new reality, and the manner in which an organization carries out notification and communications to stakeholders and regulators in the event of a cyber crisis has a lot to do with how well it recovers.

It is also vital that everyone in your organization knows his or her role when it comes to safeguarding against and managing a cyber crisis. A defined plan that lays out the board’s role, the decision-making responsibilities of the C-suite, the incident response approach and processes of the management team, and a blueprint for communications to all stakeholders should be clearly documented and practiced.

Be prepared
Once everyone has a firm grasp of the degree to which your company faces cyber threats and its current risk maturity level, it’s important to put an effective cyber risk program into place, one that considers the key pillars to help ensure your organization is secure, vigilant, and resilient. Implementing such a program starts by asking the right questions and painting an accurate picture of your organization’s cyber threat landscape.

Once you identify the who, what, and how of a potential attack, you can start prioritizing and implementing cyber capabilities. These measures can range from monitoring your existing systems to educating your people about pertinent threats.

While some of your program initiatives can be led by in-house cyber teams, creating these teams has become increasingly challenging in recent years given that the demand for cyber talent in Canada is outpacing supply by 7 percent annually. Fortunately, outsourcing your cyber efforts can be just as effective, provided you collaborate with an organization that understands your specific business risks and is capable of helping implement the technology required to mitigate them.

Have a recovery plan in place
Cyber breaches can cause far-reaching damage for victims, from negative financial consequences to significant brand damage and regulatory penalties. That said, a strong, well-executed recovery plan can greatly reduce the severity of these consequences and, in some cases, even salvage a company’s reputation.

Such a plan should be established before a cyber event takes place, and should typically involve processes to:

  • Document the incident, including how it was discovered, who reported it and how they were alerted, and who was affected
  • Identify and isolate affected systems to preserve the “scene of the crime”
  • Gather and analyze evidence (e.g., interview relevant players, proceed with a forensic investigation)
  • Investigate the possibility of insider involvement and take steps to minimize any potential risks
  • Apply the lessons learned to strengthen network security, improve protocols, and enhance cyber vigilance

Expect the unexpected
As companies become more interconnected and increasingly reliant on technology and the internet to conduct business, cybercriminals will continue finding new ways to exploit them. The companies that will advance are those that continue to forge ahead, acknowledging that these threats exist and implementing the necessary measures to effectively manage a cyber crisis when it occurs.
