Yesterday’s blog was all about some of the legal
repercussions that your business could possibly face if you have been impacted
by a Cyber-attack. The moral of the
story here is that while restoring mission critical operations is of utmost
importance, you will also have other areas of huge responsibility. One of them, as also mentioned, is the full disclosure
of what has happened to all of the relevant parties.
So what are some of the steps that you can take to make this
happen? Here are four of them that you,
the CISO, and your IT Security team can follow:
1)
Be open and transparent:
This is just as easy as it
sounds. If something happens, you need
to notify all impacted parties immediately.
But of course, there is a way of saying things, so you may want to hire
a PR specialist that knows how to craft the language in what to specifically
say. For example, you don’t want to say
too much (because of the nature of the investigation), and you don’t want to
say too little either. You just want to
say the right amount. And of course, you want to keep the language as non-techno
jargon as possible, so that people can understand what has happened to them.
2)
Reign in high levels of trust:
Throughout your entire communication
process both in the short and long term, you need to foster a sense of
trust. For instance, once you have been
impacted by a security breach, there is a very high probability that you could
lose some of your customers. You have no
control over this, as they could very well lose faith in your word. This always happens. But the key point to remember here is that you
have to stay stead fast and calm. You want
to let your customers know that you are addressing the situation, and that you
are doing everything you can to find out what happened. By doing this, the probability of losing more
customers should diminish. But also
remember, you have to remedy their own individual fears. To do this, you should start up an emergency hotline
number, and make sure that at least somebody answers it after business hours. Also consider setting up an email also, which
can be watched on a 24 X 7 X 365 basis.
And as mentioned yesterday, you will also need to provide extra services
for some time, like free credit report monitoring.
3)
Have that Incident Response Plan in place:
This is something that I have
written ad nauseum also. Nobody really
cared about having one in place when the COVID-19 pandemic hit, now businesses
are starting to full realize the value of having one. Not only is it important to have a detailed document,
but it must be rehearsed on a regular basis (at a minimum, once a quarter), and
it must be updated with the lessons learned after each exercise. Even more important is to have responsible employees
you know that you can count on to respond quickly should a security breach
occur. Also, ti is imperative that you keep
the contact information of each team member updated. Having this plan in place and practicing it
will pay huge dividends in the long run.
4)
Keep an eye on the Threat Environment:
By this I mean that you, the CISO,
and you and your IT Security team need to keep a close eye on the Threat Landscape. Obviously, given the dynamics of it changing by
the minute, it is impossible for any human being to do this. But the good news here is that if you use a
Cloud provider like Microsoft Azure, a lot of these tools are already available,
and they can pretty much keep that eye out for you. I know for a fact that this platform makes
use of AI and ML pretty heavily as well to make this possible. Heck, they even provide a SIEM so that you
can watch everything from one central location in a holistic view.
My Thoughts On This:
One thing I forgot to mention is to have a robust triaging
system in place. Again, Azure pretty
much has the tools to help you do this, but one of the most important aspects
here is that you want to completely filter out the false positives. This will help your IT Security team to avoid
“Alert Fatigue”, and appropriately respond to the real warnings and alerts that
come in.
Also, keep track of the major vulnerabilities that come out
by using other sources. Some of the most
reliable ones include those from OWASP and CISA. Of course, the major Cyber vendors also
publish these in different venues as well, and are open to anybody who would like
to access them. A good example of this can
be seen at the link below:
No comments:
Post a Comment