Page 37

Cyber Security

establish the perimeters of what you know and what you don’t. From there, you need to determine if you will call in outside help. Many businesses specialise in providing cyber-attack support in addition to the advice available to businesses from the Australian Government’s Cyber Emergency Response Team (CERT). Regardless of the choice to in-source or seek out-sourced expertise, your next priorities are to: • Confirm the validity of the data leak - Knowledge is power. If the data is valid, this will shape a very different management response strategy to false claims of data theft. The process of validating the data may take some hours so rapid commencement is vital. • Identify and block the breach - This process may take days to many months to complete. It is methodical, detailed and painstaking. This ongoing exposure will pose a continued challenge to the business and the management team as it seeks to reassure staff and customers that the issue is under control. 3) Assess the Extent of Business Interruption Again, knowledge is power. To build an appropriate response strategy, you need to understand what parts of the business have been affected. In part this is a question about what data has been leaked. It is also a question of what other parts of your business’ IT systems have been affected. Anticipate that clearly establishing what has been impacted and what has not may take some time. The picture will become progressively more clear over a period of hours, and potentially days. In the meantime, it is necessary to plan and act on the basis of what you do know. This is where ensuring you have the right people in the room to assist decision making is essential. Whilst the incident may impact IT systems, this has the potential to cripple a business. It is important to consult with operational teams to truly understand the impacts of system outages on productivity. The business may be able to continue working almost as usual, suffering only productivity reductions due to delays and inconvenience. Or, if critical systems such as CRM’s, billing or logistics, are compromised it may be necessary to revert to paper-based work arounds supported by extensive customer outreach. Understanding the criticality of individual systems and developing work around options will enable your business to continue to function whilst the technical aspects of the incident are resolved. 4) Communicate Early and Often Communicating all of this complex and continually evolving information to staff and customers is a difficult challenge. In a rapidly moving media environment, poorly managed or ineffective communication can allow a media firestorm to evolve, leaving the business with two major issues to manage – the cyber attack and the media fire storm. Following a breach resulting in the release of personal data, a business has very few communication options available to it. As Symantec noted in their 2016 Internet Security Threat Report, “Transparency is critical to security”. Efforts to hide the extent of the hack, to shift blame or deny

“Gordon Moore (a founder of Intel) predicted on April 19 1965 that the power of computers would double every 18 monthstwo years and the price of computers would halve every 18 months-2 years.” responsibility will only compound the difficult circumstances faced by the business. Once you have confirmed the data leak is real, your response strategy needs to focus on minimising further harm to customers. This should be supported by your communications strategy. You can expect that every communication channel available to the public, from twitter to snail mail, will receive a major spike in activity. One of the biggest mistakes businesses make is failing to anticipate this deluge, not preparing key messages for rapid response and consequently responding slowly, inaccurately or not at all. Although the situation will change rapidly, and at the outset the business may face many unknowns, it is important to lead the communication process rather than reacting to mounting customer anger. Given all the uncertainties, your communications must be regularly updated. Further, as the incident runs into days, then weeks and months, your communication strategy must evolve to reflect the organisation’s changing objectives. In the immediate term, communications should focus on sharing known information and dispelling rumours. In the short term you should focus on communicating the extent of damage and reassuring customers that you have a clear strategy in place to address the issue. Over the medium to longer-term, your focus will shift to rebuilding your brand and customer confidence. Honesty, and communications centred firmly in your organisation values, is the only path that will allow a business to survive a cyber-attack and salvage its reputation. A major hack will cause disruption to normal operations for weeks to months and will occupy a disproportionate amount of the executive team’s time. However, beneath all the noise, the business must continue to operate, serving its customers and sustaining its revenue and market share. Strong leadership, regular communication and clearly articulated values provide the basis for an effective management strategy. With a clear understanding of the nature of the attack, its current and future potential impacts, an executive team can successfully lead a business through a cyber-attack. About Lex Drennan, B. Bus Mgmt, M. Public Admin. About the Author Lex is a Senior Specialist in risk consulting for CGU, one of Australia’s largest insurers. She has an extensive background in crisis and emergency management, planning and training, complemented by experience in operational response to events spanning bomb threats, natural disasters to counterterrorism operations. In her spare time, she is also an Adjunct Research Fellow at Griffith University where she researches disaster resilience, adaptation and government policy.

Chief IT Magazine | 37

Profile for Asia Pacific Security Magazine Magazine - Sept/Oct 2016 Magazine covers the domains of Information Technology and Innovation. Be kept up-to-date with all the latest industry news and pr... Magazine - Sept/Oct 2016 Magazine covers the domains of Information Technology and Innovation. Be kept up-to-date with all the latest industry news and pr...

Profile for apsm