CYBER SECURITY OUTLOOK Confidence is the Key to Recovery After a Cyberattack

By Ken Fanger, MBA, CMMC-RP, President, On Technology Partners

Recovery after a cyberattack can often cause confusion and distress. The process of recovery can encompass a wide range of responses, but I’ve compiled a few main points to get you back on the road after addressing the breach and mitigating the fallout.

First and foremost: Relax. Nothing good is accomplished during a state of fear, panic, or chaos. Many people find themselves in a state of chaos following a cyberattack, making it difficult to stay focused on getting back on their feet. With the harm that attacks can cause financially, operationally, and emotionally, it is easy to get overwhelmed by feelings of frustration, violation, and helplessness. This is why your immediate reaction to a cybersecurity crisis should be to take a moment to recover yourself first.

Approaching the issue with a calm attitude and preparation will smooth the process and mitigate any rash decisions that end up causing more harm than good.

Make sure that you have addressed any outstanding legal issues and have determined the message that you want to share with the public. It is important to provide honest but positive messaging regarding how your company is addressing the problem, as well as the steps you are taking to ensure that the problem does not happen again. Having a single coherent message and legal statement can make a major difference in how you are able to recover in the long run, as well as how your business associates, clients, and customers view your business and security practices moving forward.

Keep Your Customers and Employees Informed.

This is a vital step in rebuilding trust. The more you can show that you are being proactive in addressing the events that happened, the more likely that your employees and customers will feel assured that it will not happen again. Transparency in addressing the issue is an essential part of ensuring that customers and employees will trust you in the future.

This is also an opportunity to assess your training policies and renew your employees’ confidence in doing their part in protecting the organization’s data. Security awareness training of your employees about current security threats, company security policies, and the personal role each plays in keeping your business safe from cyber threats is important and necessary.

Review Your Cyber Security Plan. After you have implemented your recovery plan, take some time to review how the process went. How quickly were you able to find the problem? What was the reason for the problem? And are there better actions or steps you can take next time? Asking the hard questions could help protect you from facing the same disaster again.

There is no doubt that recovering from a cyberattack, large or small, can be unpleasant. Ensuring you are confident, efficient, and transparent in your response can make all the difference.

Author profile: Ken Fanger, MBA has 30 years of industry experience in the fields of technology and cyber security, and is a sought-after CMMC Registered Professional, helping manufacturers and contractors to meet DoD requirements for CMMC compliance. He is passionate about technology deployment, and his MBA in Operations & Logistics has helped him to be an asset in the designing and deployment of networks to enhance the manufacturing experience. Over the past 5 years, he has focused on compliance and security, including working on the SCADA control system for the Cleveland Power Grid. Mr. Fanger works with each client to identify their unique needs, and develops a customized approach to meeting those needs in the most efficient and cost-effective ways, ensuring client success. n