Why Incident Response Strategy Is Critical to Cyber Defense
When cybersecurity incidents make the news, executives and board members at unaffected companies become alarmed, which can result in a cascade of questions to IT leaders and their teams. To avoid drowning in a deluge of panic and requests:
Relentlessly and proactively update your executives. Prepare a brief in advance and make it factual to avoid further fear. Include your external threat reporting, but enrich it with internal context, highlighting the potential impact on your organization and the overall risk to the business. Take the opportunity to remind your executives what tactical activities you’re undertaking to deal with the immediate issues, as well as how your strategy will serve to prepare for such events, now and in the future. Be clear on when you will update the executives next and what topics you’ll cover. Reassure them that if there is a major incident, you’ll update them in line with the major incident processes of the organization.
Develop a FAQ document for your board and executives. In many organizations, security is a new and scary topic for executives and board directors. Make their lives easier by creating reference materials, such as a FAQ, to guide discussions. This will help them ask the right questions about the implications of global conflict, such as “What is the current advice from our government?” or “What is our current level of risk?” Not only will you get the opportunity to guide the discussion, but you will invite an open line of communication with your stakeholders and give them the opportunity to engage with you in a meaningful and safe way.
Consider secure communications tools for security, privacy and reliability. Firms concerned about the security and privacy of business communications — such as eavesdropping, communications metadata exposure, data loss or noncompliance — should take steps to protect corporate communications. Enterprise-class encrypted messaging and calling solutions work in low-bandwidth environments. And these tools aren’t one-off investments; you can use them to protect everyday communications, as out-of-band communications channels during incident responses, and to provide traveling executives with enhanced security.
The use of cyberoperations as a precursor to and a tactic of military operations, as well as a tool of retaliation, is here to stay. In future conflicts, great and small, expect both sides to spread and amplify disinformation, soften targets with preemptive cyberattacks on government and critical infrastructure, sow chaos and fear with cyberattacks on allies and supporters, raise funds through ransomware, and steal intelligence with cyberespionage. This is our new reality.