{"id":32379,"date":"2020-02-06T05:02:04","date_gmt":"2020-02-06T10:02:04","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&p=32379"},"modified":"2021-08-02T05:30:38","modified_gmt":"2021-08-02T09:30:38","slug":"cyber-incidence-communication-response","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cyber-incidence-communication-response\/32379\/","title":{"rendered":"Why now is the right time to plan your incident response communication"},"content":{"rendered":"

There\u2019s a good chance cybercriminals could soon access your data. According to 2020 Thales Data Threat Report conducted by IDC<\/a>, breaches are increasing worldwide. 1 in 2 US companies have experienced a data breach, and 1 in 4 in the last year.<\/p>\n

Companies are now starting to focus not only on preventing breaches but planning to limit their impact.<\/p>\n<\/blockquote>\n

This change of focus involves classic strategies, like buying extra security solutions that detect attacks early, hiring new incident responders and training an existing team to react more effectively. It also brings new faces to the activity most prone to falling through the cracks: post-breach crisis communication.<\/p>\n

Applying a reputation rebuild<\/h2>\n

Consumers are now much more concerned about data privacy. In the US, 83 percent, and Britain, 44 percent of consumers say they stop spending with companies after data breaches<\/a> for several months. Many say they\u2019ll never go back.<\/p>\n

The need to rebuild their reputation sees companies spending on average $161,000 US dollars on PR after a breach<\/a>.<\/p>\n

What is good crisis communication during cybersecurity incidents?<\/h2>\n

Cybersecurity professionals agree that data breach response should happen across the business, not just in IT Security.<\/p>\n

Despite this, many companies struggle to respond fast enough, with enough information to quell the rumors. But preparing in advance for IT security incident crisis communication can fast restore a good reputation when it happens.<\/p>\n

I speak from experience. We discovered an advanced nation-sponsored attack on Kaspersky\u2019s internal network in 2015<\/a>. With coordinated and cooperative work across different departments, we could control incident communications, building our reputation as transparent<\/a> and responsible.<\/p>\n

We based our response around five understandings.<\/p>\n

1.\u00a0\u00a0\u00a0 Involve everyone in crisis management planning<\/h3>\n

Companies should plan for how they\u2019ll communicate about any situation they might face. A cybersecurity incident should be one of these.
\n\"cyber
\nYour crisis management plan should include people from all departments, That means IT Security, IT, legal, customer support and corporate communications for a start.<\/p>\n

2.\u00a0\u00a0\u00a0 Educate non-IT employees on IT security basics<\/h3>\n

Building a cyber-aware culture at work<\/a> has benefits beyond incident response.<\/p>\n

As a minimum, all those who will be involved in responding to a cybersecurity incident need a basic understanding of IT security.<\/p>\n<\/blockquote>\n

3.\u00a0\u00a0\u00a0 Have different plans for different types of incidents<\/h3>\n

You\u2019ll probably need separate plans for different kinds of issues. The reputation impact of an advanced persistent threat (APT)<\/a> that lets cybercriminals spy on business activities will be changed to that of business-halting ransomware<\/a>. Use the company\u2019s threat model to identify the most likely scenarios you\u2019ll need crisis communication plans for.<\/p>\n

4.\u00a0\u00a0\u00a0 Prepare alternative internal communication<\/h3>\n

If hackers have compromised email, IP-telephony, direct messages and phone or video calls, you\u2019ll need secure channels to use to keep employees updated and plan your response.<\/p>\n

In this situation, involved employees should use encrypted channels. Prepare non-technical staff in advance by explaining the need for encrypted messaging, how to install it and how to use it.<\/p>\n

5.\u00a0\u00a0\u00a0 When you disclose, be specific<\/h3>\n

When they\u2019re not given enough detail, people tend to speculate. When disclosing an incident, say exactly what happened, how it affects customers and partners, and what you\u2019re doing about it.<\/p>\n

Every task is urgent when responding to a security incident, but only IT Security can give corporate communications the details that will let them write an accurate and informative statement. IT Security should prioritize conveying this information, alongside their most urgent post-breach tasks.<\/p>\n

The success of Kaspersky\u2019s and others\u2019 crisis communication in response to major incidents shows that even when cybercriminals succeed, good communication can still win the day. And like many things in business, it\u2019s all about the planning.<\/p>\n","protected":false},"excerpt":{"rendered":"

Planning crisis communication before a data breach happens can help restore your business\u2019s reputation fast.<\/p>\n","protected":false},"author":2560,"featured_media":32473,"template":"","coauthors":[3676],"class_list":{"0":"post-32379","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-cybersecurity","7":"emagazine-category-safer-business","8":"emagazine-category-transparency","9":"emagazine-tag-data-security","10":"emagazine-tag-incident-response","11":"emagazine-tag-privacy"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/cyber-incidence-communication-response\/32379\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/cyber-incidence-communication-response\/21761\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/secure-futures-magazine\/cyber-incidence-communication-response\/20300\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/secure-futures-magazine\/cyber-incidence-communication-response\/16167\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/32379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2560"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/32473"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=32379"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=32379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}