Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

6/22/2021
10:00 AM
Ted Birkhahn
Ted Birkhahn
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started

Don't overlook crisis communications in your cybersecurity incident response planning.

In the first half of 2021, the United States has seen a 102% increase in ransomware attacks since early last year. From Colonial Pipeline to Microsoft Exchange, the pervasiveness and sophistication of these attacks continue to intensify. With such staggering numbers, it is easy to become desensitized. But each incident involves potentially ruinous effects on an enterprise that carry profound business, legal, financial, and reputational implications.

Related Content:

The True Cost of a Ransomware Attack

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: How President Biden Can Better Defend the US From Russian Hacks

During a cyberattack, one of the most overlooked — and consequential — areas for enterprises is implementing an effective crisis communications strategy. Just as you need to shore up the technology, legal, financial, and compliance aspects of your cybersecurity preparation plan, you must also prioritize crisis management and communications/

But where should you start? Below are five crisis communications tips to form the foundation of your strategy.

Tip 1: Be Prepared to Respond Quickly
Our media landscape is characterized by a 24/7 news cycle, ubiquitous social media channels, and misinformation powered by algorithmic artificial intelligence (AI) and delivered instantly on a global scale to billions of people. This shows no sign of abating. What does that mean? Time is not on your side. But with an actionable plan in place, you will be much better prepared. An actionable crisis communication plan consists of:

  • Collection: Before acting, you must first implement a mechanism to collect information. By having a clear picture of the threats and risks your company faces — before or during a cyberattack — you will be able to make more-informed decisions. This will answer crucial questions like: What happened? When did it happen? How did it happen? And why did it happen?

  • Assessment: The information has been collected. Now what? The assessment phase involves digging into which stakeholders were impacted and how they were affected. Each group of stakeholders — whether employees, customers, suppliers, regulators, or investors — has distinct and overlapping needs. Understanding their needs and primary concerns enables businesses to craft effective messages, identify the right spokespeople to deliver the message, and distribute communications through the right channels.

  • Response: You are entering the execution phase — decisions are being made. During this stage, it is important to determine what messages and talking points will be conveyed, the specific channels you will use to communicate the messages, and how you will monitor stakeholder responses.

  • Evaluation: It is now time to evaluate. How are stakeholders feeling and responding? What is the general sentiment? Along with this, you should have a good understanding of the messages that resonate most vs. those that are not quite hitting the mark. These insights will help you recalibrate your messaging accordingly.

Tip 2: Establish a Virtual War Room to Monitor and Assess
With your crisis communications framework in place, it is time for action. Picture this: your company is the target of a ransomware attack. And while desperately trying to address the incident, media are beginning to report the incident, citing reports on Twitter. Information — fragmented at best, wholly inaccurate at worst — is circulating widely. Who and where are your eyes and ears?

It will feel like the fog of war. With so much happening at once, it is critical to have monitoring mechanisms set up to track activity on social media, news coverage, employee feedback, and customer feedback. This information needs to be packaged and delivered into easy-to-digest dashboards that you can use to track and understand changes in sentiment, perception, and the overall dialogue.

Tip 3: Embrace the Notion of Radical Transparency With Your Key Stakeholders
In a cyber crisis, trust can be built or broken depending on how and when a company responds in the hours and days following the breach. In a perfect world, a swift and effective crisis response is ideal; however, if companies need to sacrifice one over the other, taking more time to respond with intention takes precedence over a quick, yet insufficient response.

Speed is certainly important. Yet the inherent damage that can be wrought if your stakeholders smell a hint of evasion or fabrication will have long-lasting and detrimental effects on brand trust and reputation.

Tip 4: Set Goals and Benchmarks but Be Flexible
Cyber crises are not linear; they are fluid and unpredictable. The ability to pivot is a key characteristic of a good crisis response. What does that mean? Just as the proliferation of news and social channels presents threats and risks to a brand's reputation, they can also be leveraged to successfully combat misinformation from a cyberattack. It is critical to understand and use the best channels to reach audiences with the right messages at the right time.

Tip 5: Admit Fault Quickly
With recovery in mind, admitting fault is the fastest way to restore trust and rebuild relationships with affected stakeholders. Yet it needs to be done in close consultation with the legal team. An effective crisis communications response requires a strong and healthy relationship between legal and communications teams. Too often, enterprises bungle their initial responses by equivocating and being vague and indirect about the incident.

Remember this: Brand trust and credibility are fostered by perceived transparency, forthrightness, and honesty. Squandering this critical first opportunity could prove damaging if your company is regarded as unaccountable.

Will Your Company Be Prepared for the Next Cyberattack?
Prioritizing communications will ensure your enterprise is more prepared to identify the nature of the attack; understand the scope of what stakeholders have been affected; uncover primary concerns and needs of stakeholders; craft messaging that resonates and provides assurance; and, ultimately, mitigate the reputational fallout of the attack.

This is a critical and underappreciated component of any cybersecurity preparation plan. There is no reason to be caught off guard when the stakes are so high.

 

Ted Birkhahn is president of HPL Cyber, a brand, marketing, and communications firm that helps cybersecurity companies grow. Ted's experience as a strategic marketer and communicator spans more than 25 years working as a journalist, press secretary, and as an agency ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.