In the realm of cyber security, the prevalence of cyber attacks is a well-known fact. These attacks are not only increasing in frequency but also causing greater harm to both businesses and individuals. As a result, there is a constant emphasis on the need for better preparation and prevention measures to combat these threats. While the focus is often on general prevention strategies and employee training, many companies are also investing in developing contingency plans for cyber attacks based on their experiences and consultations.
However, the existing contingency plans often tend to prioritize technical measures, with little attention paid to crucial organizational aspects. According to Christopher Robinson, the lead security architect at the Linux Foundation, these plans often lack strategic preparedness, especially in areas such as team composition, communication with stakeholders, and leadership responsibilities during a crisis.
The manner in which a Chief Information Security Officer (CISO) leads during a cyber crisis can be the key factor in successfully mitigating the impact on the organization. Various security experts and CISOs who have dealt with critical incidents in the past share their best practices for crisis management:
### Clear Role Definition to Avoid Confusion
Ambiguity in role assignments can lead to confusion during a crisis, as highlighted by experts like Greg Crowley, CISO of eSentire, and Esteban Gutierrez, CISO at New Relic. Clear responsibilities during a crisis are crucial for effective decision-making and coordination. The CISO should assume operational responsibility, while the CEO retains the final decision-making authority.
### Building Trust through Preparation
In a crisis, authority alone is not enough—CISOs need to involve the entire organization. Pablo Riboldi, CISO at BairesDev, emphasizes the importance of regular training to strengthen role understanding and trust within the organization. James Ngui from Trend Micro recommends realistic simulations to prepare teams for emotional stress and decision-making under pressure.
### Tabletop Exercises for Crisis Preparedness
Tabletop exercises, according to Larry Lidz from Cisco and Robinson, are effective in preparing employees for crises by promoting a different mindset, understanding decision-making processes, and enabling faster and more targeted responses in real incidents. These simulations create a form of “muscle memory” for employees, instilling confidence in handling actual crises.
### Calm Leadership Strengthens Teams
Apart from preparation, maintaining composure and strategic leadership during cyber crises are essential. Esteban Gutierrez highlights the positive impact of composed behavior under pressure on teams and stakeholders. Greg Crowley warns against getting bogged down in technical details during crises, emphasizing the need for strategic leadership, calm communication, and seeking external assistance when necessary.
### Interdisciplinary Collaboration for Better Crisis Management
Effective communication and strong relationships are critical during cyber crises. Technical professionals must communicate clearly and avoid jargon to facilitate informed decision-making. Building relationships with stakeholders before an incident helps build trust, improve collaboration during crises, and facilitates CISOs’ leadership during emergencies. Cross-departmental collaboration, especially with teams from marketing, sales, and finance, is crucial for leveraging specific expertise within the organization.
### Taking Responsibility, Avoiding Blame
Following a cyber attack, transparent communication and taking responsibility are key. Adriyan Pavlykevych, CISO at SoftServe, shares his experience of successfully managing a ransomware attack by keeping stakeholders informed and proactively addressing security protocols post-incident. Sakshi Grover from IDC emphasizes the importance of CISOs taking charge, communicating openly, and involving external support to rebuild trust and secure future security investments.
In conclusion, effective crisis management in the realm of cyber security requires a comprehensive approach that combines technical expertise with strategic leadership, clear communication, and collaboration across departments. By implementing best practices and fostering a culture of preparedness, organizations can enhance their resilience to cyber threats and minimize the impact of potential crises.