Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

End of Bibblio RCM includes -->
6/22/2021
10:00 AM
Ted Birkhahn
Ted Birkhahn
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv

Does Your Cyberattack Plan Include a Crisis Communications Strategy? 5 Tips to Get Started

Don't overlook crisis communications in your cybersecurity incident response planning.

In the first half of 2021, the United States has seen a 102% increase in ransomware attacks since early last year. From Colonial Pipeline to Microsoft Exchange, the pervasiveness and sophistication of these attacks continue to intensify. With such staggering numbers, it is easy to become desensitized. But each incident involves potentially ruinous effects on an enterprise that carry profound business, legal, financial, and reputational implications.

Related Content:

The True Cost of a Ransomware Attack

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: How President Biden Can Better Defend the US From Russian Hacks

During a cyberattack, one of the most overlooked — and consequential — areas for enterprises is implementing an effective crisis communications strategy. Just as you need to shore up the technology, legal, financial, and compliance aspects of your cybersecurity preparation plan, you must also prioritize crisis management and communications/

But where should you start? Below are five crisis communications tips to form the foundation of your strategy.

Tip 1: Be Prepared to Respond Quickly
Our media landscape is characterized by a 24/7 news cycle, ubiquitous social media channels, and misinformation powered by algorithmic artificial intelligence (AI) and delivered instantly on a global scale to billions of people. This shows no sign of abating. What does that mean? Time is not on your side. But with an actionable plan in place, you will be much better prepared. An actionable crisis communication plan consists of:

  • Collection: Before acting, you must first implement a mechanism to collect information. By having a clear picture of the threats and risks your company faces — before or during a cyberattack — you will be able to make more-informed decisions. This will answer crucial questions like: What happened? When did it happen? How did it happen? And why did it happen?

  • Assessment: The information has been collected. Now what? The assessment phase involves digging into which stakeholders were impacted and how they were affected. Each group of stakeholders — whether employees, customers, suppliers, regulators, or investors — has distinct and overlapping needs. Understanding their needs and primary concerns enables businesses to craft effective messages, identify the right spokespeople to deliver the message, and distribute communications through the right channels.

  • Response: You are entering the execution phase — decisions are being made. During this stage, it is important to determine what messages and talking points will be conveyed, the specific channels you will use to communicate the messages, and how you will monitor stakeholder responses.

  • Evaluation: It is now time to evaluate. How are stakeholders feeling and responding? What is the general sentiment? Along with this, you should have a good understanding of the messages that resonate most vs. those that are not quite hitting the mark. These insights will help you recalibrate your messaging accordingly.

Tip 2: Establish a Virtual War Room to Monitor and Assess
With your crisis communications framework in place, it is time for action. Picture this: your company is the target of a ransomware attack. And while desperately trying to address the incident, media are beginning to report the incident, citing reports on Twitter. Information — fragmented at best, wholly inaccurate at worst — is circulating widely. Who and where are your eyes and ears?

It will feel like the fog of war. With so much happening at once, it is critical to have monitoring mechanisms set up to track activity on social media, news coverage, employee feedback, and customer feedback. This information needs to be packaged and delivered into easy-to-digest dashboards that you can use to track and understand changes in sentiment, perception, and the overall dialogue.

Tip 3: Embrace the Notion of Radical Transparency With Your Key Stakeholders
In a cyber crisis, trust can be built or broken depending on how and when a company responds in the hours and days following the breach. In a perfect world, a swift and effective crisis response is ideal; however, if companies need to sacrifice one over the other, taking more time to respond with intention takes precedence over a quick, yet insufficient response.

Speed is certainly important. Yet the inherent damage that can be wrought if your stakeholders smell a hint of evasion or fabrication will have long-lasting and detrimental effects on brand trust and reputation.

Tip 4: Set Goals and Benchmarks but Be Flexible
Cyber crises are not linear; they are fluid and unpredictable. The ability to pivot is a key characteristic of a good crisis response. What does that mean? Just as the proliferation of news and social channels presents threats and risks to a brand's reputation, they can also be leveraged to successfully combat misinformation from a cyberattack. It is critical to understand and use the best channels to reach audiences with the right messages at the right time.

Tip 5: Admit Fault Quickly
With recovery in mind, admitting fault is the fastest way to restore trust and rebuild relationships with affected stakeholders. Yet it needs to be done in close consultation with the legal team. An effective crisis communications response requires a strong and healthy relationship between legal and communications teams. Too often, enterprises bungle their initial responses by equivocating and being vague and indirect about the incident.

Remember this: Brand trust and credibility are fostered by perceived transparency, forthrightness, and honesty. Squandering this critical first opportunity could prove damaging if your company is regarded as unaccountable.

Will Your Company Be Prepared for the Next Cyberattack?
Prioritizing communications will ensure your enterprise is more prepared to identify the nature of the attack; understand the scope of what stakeholders have been affected; uncover primary concerns and needs of stakeholders; craft messaging that resonates and provides assurance; and, ultimately, mitigate the reputational fallout of the attack.

This is a critical and underappreciated component of any cybersecurity preparation plan. There is no reason to be caught off guard when the stakes are so high.

 

Ted Birkhahn is president of HPL Cyber, a brand, marketing, and communications firm that helps cybersecurity companies grow. Ted's experience as a strategic marketer and communicator spans more than 25 years working as a journalist, press secretary, and as an agency ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9754
PUBLISHED: 2022-06-27
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2022-33146
PUBLISHED: 2022-06-27
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
CVE-2022-33202
PUBLISHED: 2022-06-27
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative pat...
CVE-2022-2206
PUBLISHED: 2022-06-26
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-30932
PUBLISHED: 2022-06-26
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.