Preparing to manage a cyber crisis and communicate
The multiplicity of cyberattacks, their protean impacts on the activity of structures, and the increased use of teleworking have led to a real consideration of the cyber issue by private companies and public organisations.
Today, the question is no longer IF an organisation will be affected by a cyberattack, nor WHEN it will be affected, but HOW its response—in other words its crisis management—will be organised, from detection of the attack through investigation to remediation and recovery.
1. Anticipating and preparing: assets in cyber crisis management
Cyber threats have evolved and have given rise to attacks with increasingly visible and severe impacts. Cyberattackers no longer limit themselves to exerting pressure on the activity of victim structures; they also tend to play on reputational levers, notably via the personal and/or sensitive data processed by organisations. It is thus common to see in the news the quadruple punishment inflicted on companies that fall victim to ransomware: an encrypted information system, financial blackmail, leakage of personal data, and impacts on the activity.
When faced with a cyber crisis, “the more regular the preparation, the more effective the response”.
Crisis management procedures are the first line of defence. The second is team awareness—particularly through an introduction to best practices. It is then necessary to test this knowledge during exercises and crisis simulations in order to turn it into reflexes. These exercises are aimed at the various decision-making and operational bodies (BOARD/EXCO, legal, communication, and IT teams) and are based on specific, concrete scenarios (ransomware attacks, cyber fraud, compromise of social media accounts, etc.) in line with the context and needs of the company. Combining theoretical and practical training provides an optimised capacity to react in a degraded situation, saving precious minutes on the day.
Keeping the crisis system in operational condition requires regular updating (in line with how the organisation’s cyber risks evolve) and regular training of the people involved.
2. Prepared communication is better than a declared absence of it
Faced with increasingly publicised attacks that affect all levels of the organisation, companies and institutions must strengthen their cyber crisis communication. What public opinion and stakeholders no longer forgive is not being the victim of a cyberattack, but not knowing how to manage it, failing to provide an operational response, and hiding the reality of the situation. This is precisely the challenge that cyber crisis communication must address.
This is especially true in the case of ransomware that leaves the IS encrypted and inoperable. At this stage, social media are an effective way to reach a large audience quickly. While “classic” communication channels are sometimes unusable, social media—which are completely dissociated from the organisation’s information system—are an effective alternative to the victim organisation’s email or website.
Moreover, ransomware attacks have transformed the media landscape of cyber crises, which they have made visible through their strong impact on the business. The number of companies “forced” to communicate has created a collective awareness of the extent of the cyber threat and of the multitude and variety of targets involved. In addition, faced with journalists who are aware of and trained in the subject—or even specialised in it—the journalistic approach is no longer limited to transcribing the company’s statements: it is a genuine investigation. While this allows for less one-sided media coverage of cyberattacks, it can be a major challenge for communications teams, whose work becomes more complex.
Finally, in addition to external communication, regular and comprehensible information sharing is also essential between the various functions (CISO, IT, BCP, HR, etc.) within the structure in order to keep them informed of the recovery. To facilitate exchanges between the different actors of the structure, training sessions dedicated to each business team are available to help them identify the key information to be passed on to the business and how to do it, thus allowing more fluid communication overall.