5 lessons for leaders surviving a cyberattack
The 2020 attack on US government agencies and companies via SolarWinds’ manipulated network software, a so-called supply chain attack, shows the increasing depth and breadth of our vulnerability to cybercrime. Unfortunately, digital dependency and complexity favor cybercriminals – their return on successful cyberattacks is growing, and companies are finding it increasingly difficult to defend themselves.
Every business leader must therefore prepare for a situation in which their company is successfully attacked. There is a great deal of uncertainty. The first indications of a successful attack are often so vague that the initial impact on the company cannot be reliably determined. Defending against a cyberattack thus requires many parallel activities – assessing the impact, implementing technical defense measures, collecting evidence, rebuilding reliable IT systems and business processes, and communicating with customers and partners.
Five lessons will help you on Day X to successfully manage a serious and complex cyberattack.
Form a response team. Immediately set up a dedicated and interdepartmental team to deal with the cyberattack. Responding to a serious cyberattack cannot be done out of day-to-day operations. It will take days, weeks, perhaps months, and requires dedicated resources. The team must include experts from IT management, forensics, legal, and communications. The team must also have access to top management. Many necessary decisions, such as temporarily shutting down critical systems, can deeply impact business processes. High-level reporting is crucial to quickly making these decisions.
Consult with a cybersecurity firm. Responding to a cyberattack requires many tasks to be done quickly and simultaneously: analyzing the scope of the attack, taking ad hoc defense measures, documenting carefully, communicating in a resilient manner, and preparing for a recovery. The people needed to perform these tasks at a high level of quality are usually not available internally. Thus, you will need external support to scale your defenses. This is not a sign of weakness; it is a show of strength. Every company needs partners with the expertise and readiness to take on these critical project roles. (Pro tip: Consider joining your sector’s cybersecurity alliance. As sources for cyber intelligence information and resources, such industry and national partnerships are helpful for stopping attacks before they start.)
Contact the authorities. To successfully defend against cyberattacks, companies typically rely on cooperation with law enforcement. For instance, servers that control attacks or serve as drop zones for stolen confidential information must be shut down. Many cases also require breach reporting, because of personal data leaks or cyberattacks on critical infrastructure. Law enforcement agencies may also have insights about the attacker and their actions based on intelligence sources. Public-private partnerships between police forces, IT security agencies, and companies can help to find the right people to contact and reporting channels to use.
Talk with your stakeholders. In parallel to analyzing and defending against the attack, you must inform customers and partners about the attack and its effects in a timely and reliable manner. Customers expect fast, first-hand information. At the same time, they expect a reliable statement about the consequences, such as the loss of customer data or future supply failures. Here, communication must be carried out in several waves and very carefully. Your communications experts, legal team, and account managers must closely cooperate to develop and implement appropriate communication strategies.
Learn from the attack. Soon after the cyberattack, set up a follow-up project with your response team to gather all the lessons learned from the attack and from the defense. Based on this project, you can define what needs to be done in the next step, after the attack has been dealt with, in order to prevent or better avert future cyberattacks.
Those leaders who quickly and effectively establish these courses of action have every chance of surviving even a serious cyberattack and successfully organizing the company’s cyber defense. However, the most promising strategy is preparedness: those who prepare in advance for each of these five lines of action will have the best defenses. The membership and organization of an emergency team can be precisely defined in advance. Framework contracts with forensic experts, legal counsel, and a communications agency can be prepared. Participation in a corporate cybersecurity alliance or a public-private partnership can ensure that all key contacts, including those on the government side, are known. The reaction to cyberattacks – including and especially in external communications with customers, partners, and authorities – can be trained in a cyber exercise, along with the company’s internal decision-making processes.
The next major cyberattack on your company is imminent. Hoping that it won’t hit your own company is not a wise business strategy. The leader who prepares for a cyberattack has the best chance of surviving one.
This article was originally published by Forbes on February 22, 2021, and republished with permission.