Saturday, September 30, 2023

The 4 Golden Pillars Of An Effective Cyber Disclosure Plan

Yesterday’s blog was all about some of the legal repercussions that your business could face if it has been impacted by a Cyber-attack.  The moral of the story is that while restoring mission-critical operations is of utmost importance, you will also have other areas of huge responsibility.  One of them, as also mentioned, is the full disclosure of what has happened to all of the relevant parties. 

So what are some of the steps you can take to make this happen?  Here are four of them that you, the CISO, and your IT Security team can follow:

1)     Be open and transparent:

This is just what it sounds like.  If something happens, you need to notify all impacted parties promptly, and within whatever deadline the law or your contracts impose (the GDPR, for instance, gives you 72 hours to notify the supervisory authority once you become aware of a breach).  But of course, there is a way of saying things, so you may want to hire a PR specialist who knows how to craft the language.  For example, you don’t want to say too much (the investigation is still ongoing, and early facts often turn out to be wrong), and you don’t want to say too little either.  You want to say the right amount, and what you do say should be accurate.  And of course, keep the language as free of techno-jargon as possible, so that people can understand what has happened to them.

2)     Build high levels of trust:

Throughout your entire communication process, both in the short and the long term, you need to foster a sense of trust.  Once you have been impacted by a security breach, there is a high probability that you will lose some of your customers.  You have little control over this, as they may simply lose faith in your word.  But the key point to remember is that you have to stay steadfast and calm.  Let your customers know that you are addressing the situation and that you are doing everything you can to find out what happened.  By doing this, the probability of losing more customers should diminish.  But also remember that you have to address their individual fears.  To do this, set up an emergency hotline number, and make sure that somebody answers it after business hours.  Also consider setting up a dedicated email address that is monitored on a 24 X 7 X 365 basis.  And as mentioned yesterday, you will also need to provide extra services for some time, like free credit report monitoring.

3)     Have that Incident Response Plan in place:

This is something I have written about ad nauseam.  Nobody really cared about having one in place until the COVID-19 pandemic hit; now businesses are starting to fully realize the value of having one.  Not only is it important to have a detailed document, but it must be rehearsed on a regular basis (at a minimum, once a quarter, whether as a tabletop exercise or a live drill), and it must be updated with the lessons learned after each exercise and after each real incident.  Even more important is to have responsible employees you know you can count on to respond quickly should a security breach occur.  It is also imperative that you keep the contact information of each team member updated, and that you keep an offline copy of the plan and the contact roster, because the breach may well have taken down the systems you would normally read them from.  Having this plan in place and practicing it will pay huge dividends in the long run.

4)     Keep an eye on the Threat Environment:

By this I mean that you, the CISO, and your IT Security team need to keep a close eye on the Threat Landscape.  Obviously, given that it changes by the minute, it is impossible for any human being to do this unaided.  But the good news is that if you use a Cloud provider like Microsoft Azure, a lot of these tools are already available, and they can pretty much keep that eye out for you.  I know for a fact that this platform makes use of AI and ML pretty heavily as well to make this possible.  Heck, they even provide a SIEM (Microsoft Sentinel) so that you can watch everything from one central location in a holistic view.

My Thoughts On This:

One thing I forgot to mention is to have a robust triaging system in place.  Again, Azure pretty much has the tools to help you do this, but one of the most important aspects is that you want to filter out the false positives as far as you can: suppress the alerts you have confirmed are benign (your own vulnerability scanner tripping a port-scan rule, for example), collapse repeats of the same alert into a single ticket, and rank whatever remains by severity and by how important the affected asset is.  This will help your IT Security team avoid “Alert Fatigue”, and respond appropriately to the real warnings and alerts that come in.  Just be careful to make each suppression as narrow as possible, so that silencing one noisy source does not silence the same detection everywhere else.
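To make the triage idea concrete, here is a small added example (my own illustration, not code from this blog or from any Azure tool) of the three steps: narrow suppression rules, de-duplication within a time window, and a risk score that weights severity by asset criticality. The alerts, the asset list, the host names, the user names and the suppression rules are all constructed for the demonstration.

```python
"""Minimal alert triage: suppress known-benign noise, collapse duplicates,
then rank what is left so analysts see the highest-risk items first.
Added example; every alert, host, user and rule below is constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta

SEVERITY_SCORE = {"low": 1, "medium": 3, "high": 6, "critical": 10}

# Constructed asset inventory: criticality 1 (lab box) to 5 (crown jewels).
ASSET_CRITICALITY = {"db-prod-01": 5, "web-prod-02": 4, "ws-1042": 2, "scanner-01": 1}

# Constructed suppression rules. An alert is suppressed only when EVERY field
# in a rule matches, so naming the scanner host keeps the rule narrow: the
# same PortScan detection from any other host still reaches the queue.
SUPPRESSIONS = [
    # Authorised vulnerability scanner legitimately trips port-scan detections
    {"rule": "PortScan", "src_host": "scanner-01"},
    # Backup service account logs on every night from the database server
    {"rule": "AfterHoursLogon", "user": "svc_backup", "src_host": "db-prod-01"},
]


@dataclass
class Alert:
    ts: datetime
    rule: str
    severity: str
    src_host: str
    user: str = ""


@dataclass
class TriagedAlert:
    alert: Alert
    count: int
    score: int


def is_suppressed(alert: Alert) -> bool:
    """True when every field of some suppression entry matches the alert."""
    return any(all(getattr(alert, f) == v for f, v in sup.items()) for sup in SUPPRESSIONS)


def dedupe(alerts, window=timedelta(minutes=10)):
    """Collapse repeats of the same (rule, host, user) that fire within `window`
    of the first occurrence into one entry carrying a count. A repeat outside
    the window opens a fresh entry, so a resumed attack is not hidden."""
    first_seen = {}
    out = []
    for a in sorted(alerts, key=lambda x: x.ts):
        key = (a.rule, a.src_host, a.user)
        if key in first_seen and a.ts - first_seen[key].alert.ts <= window:
            first_seen[key].count += 1
            continue
        t = TriagedAlert(alert=a, count=1, score=0)
        first_seen[key] = t
        out.append(t)
    return out


def score(t: TriagedAlert) -> int:
    """Severity weighted by asset criticality, plus a small bonus for repetition."""
    crit = ASSET_CRITICALITY.get(t.alert.src_host, 3)  # unknown host: assume mid-tier
    return SEVERITY_SCORE[t.alert.severity] * crit + min(t.count - 1, 5)


def triage(alerts):
    """Suppress, de-duplicate, score, and return the queue highest-risk first."""
    queue = dedupe(a for a in alerts if not is_suppressed(a))
    for t in queue:
        t.score = score(t)
    return sorted(queue, key=lambda t: t.score, reverse=True)


def load_sample():
    """Constructed alert feed resembling what a SIEM would export."""
    base = datetime(2023, 9, 30, 2, 0)
    m = lambda n: base + timedelta(minutes=n)
    return [
        Alert(m(0), "PortScan", "medium", "scanner-01"),                       # suppressed
        Alert(m(1), "PortScan", "medium", "scanner-01"),                       # suppressed
        Alert(m(2), "AfterHoursLogon", "low", "db-prod-01", "svc_backup"),     # suppressed
        Alert(m(3), "AfterHoursLogon", "high", "db-prod-01", "jdoe"),          # real: human on DB at 2am
        Alert(m(4), "BruteForce", "high", "web-prod-02", "admin"),
        Alert(m(5), "BruteForce", "high", "web-prod-02", "admin"),             # collapsed into the above
        Alert(m(6), "BruteForce", "high", "web-prod-02", "admin"),             # collapsed into the above
        Alert(m(30), "BruteForce", "high", "web-prod-02", "admin"),            # outside window: new entry
        Alert(m(7), "MalwareDetected", "critical", "ws-1042", "asmith"),
    ]


if __name__ == "__main__":
    for t in triage(load_sample()):
        print(f"{t.score:3d}  x{t.count}  {t.alert.rule:16s} {t.alert.src_host:12s} {t.alert.user}")
```

Running it yields a queue of four entries: the after-hours human logon on the production database ranks first, the three-in-a-row brute force on the web server second, and the scanner noise never appears at all. The point of the dedupe window is the edge case at minute 30: the same brute force resuming later is a separate entry, not silently folded into the old one.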

Also, keep track of the major vulnerabilities that come out by using other sources.  Some of the most reliable include OWASP and CISA (its Known Exploited Vulnerabilities catalog lists flaws confirmed to be under active exploitation, which is a good place to start when deciding what to patch first).  Of course, the major Cyber vendors also publish threat reports in different venues, open to anybody who would like to access them.  A good example can be seen at the link below:

https://www.deepwatch.com/deepwatch-releases-2023-adversary-tactics-and-intelligence-ati-annual-threat-report/
