Why communication is vital during a cyber-attack

Cyber-attacks are a constant threat to organisations. Cloud-based communications platforms can help an organisation improve emergency communications and recover from the effects of a cyber-attack.

In today’s globalised business environment, organisations of all sizes face the prospect of falling victim to a cyber-attack or IT outage that could cause serious damage to its infrastructure and ability to operate. The need to combat cybercrime is rising up the Government’s agenda with the opening of the National Cyber Security Centre. According to the National Cyber Security (NCSC) 2016-2021 report, NCSC’s role will be to manage national cyber incidents, provide an authoritative voice and centre of expertise on cyber security, and deliver tailored support and advice to government departments, the devolved administrations, regulators and businesses.

Despite the improvement of cyber-security techniques, criminals have developed sophisticated ways to disrupt systems and steal data. The need to prepare for cyber-attacks is more important than ever.

True cost of cyber-attacks

According to Cisco’s 2017 Annual Cybersecurity Report more than one third of the organisations that experienced a cyber breach in 2016 reported a loss of customers, business opportunities and revenue. The 2017 SonicWall Annual Threat Report reported an increase from 3.8 million ransomware attacks in 2015 to 638 million in 2016. In March 2016 alone, ransomware attack attempts rose from 282,000 to 30 million.

Cyber-attacks cost UK businesses a total of £34.1 billion between Summer 2015 and 2016, with each attack costing an average of £4.1 million and taking 31 days to resolve. Whilst large corporations—that invest millions of pounds in cyber-security—have the potential to recover easily from such a crisis, for most Small/Medium Enterprises (SME’s) and Non-Governmental Organisations (NGO’s) cyber breaches can have more far-reaching and detrimental consequences.

No business is safe

Investing large sums of money into cyber-security is not a pre-requisite for success, as shown by a number of recent high profile cyber-attacks against large corporations all over the world—including the BBC, Sony’s PlayStation Network, HSBC and eBay.

Sony lost control of its entire network. Hacker group Guardians of Peace stole personal information from tens of thousands of current and former workers and published them on the web. This included social security numbers, salaries of top executives and five Sony-produced movies.

More than 155,000 TalkTalk customers had their personal information, including bank details, accessed by hackers as a result of the data breach in October 2015. Last year, following a hack in 2012, LinkedIn reported the extent of the damage with more than 117 million people personal details offered for sale.

It is not just large organisations that are targeted; government departments and agencies, rail networks and local businesses regularly find themselves in the same position. When attacks occur, crucial services are compromised and the reputational impact can quickly reduce consumer confidence and brand value.  Large scale attacks also have the ability to impact share price value. Planning what to do when a cyber-attack occurs is important, but how victims communicate in an attack is equally critical.

Importance of effective communication in a crisis

In the event of an emergency, effective communication is crucial. When IT systems go down an organisation needs to be able to communicate with its employees and co-ordinate an effective response. The longer this process takes, the bigger impact the crisis will have.

A successful cyber-attack can affect multiple communication methods:

  • If your phone and voice mail system is VOIP-based, you may lose your company phone system.
  • If your employee hotline runs through your voice system, this could also be lost.
  • If your company website is hosted in-house, it may go down, meaning customers, employees, the general public, and the media cannot find you.
  • If company telephone bridges are running through your phone network, they may not be available.
  • If the core network is compromised, every computer becomes a standalone machine with no access to company record. Human resource information, employee contact information, vendor lists, or other key phone lists may be inaccessible.

With multiple resources affected, how will you communicate? A critical communication platform can be used for the following:

  • Employee information: pushing information to employees about the company status and messaging.
  • Conference bridges: using toll-free conference bridges for employee, vendor, senior management, Board of Directors, and other key stakeholder phone calls.
  • Stakeholder groups: using pre-defined groups that had been created for key stakeholders to push information via phone, text or email.

As no business or organisation is totally immune from the dangers of a cyber-attack, it is vital that crisis management plans are in place to minimise impact and ensure a return to business-as-usual practice as quickly as possible.

An effective crisis management plan consists of two key components: quick, reliable and secure communication with all employees to notify them of the situation and the efficient deployment of resources to resolve the issue.

It is important that businesses consider the following questions to prepare for a cyber-attack:

What threats could impact your organisation?

Companies have to understand the type of threat the organisation could experience and the impact it could have.  For example, it could result in loss of services or data. The solution will differ depending on the threat.

Do you have a response plan? 

Cyber-attacks often happen out of office hours. An IT incident response plan must be in place to combat an attack even if it happens at 5am. An efficient response plan will include methods of communication for specific stakeholders. Alerts will also differ depending on if the attack has just occurred and if malicious code has laid dormant on the network. IT engineers require different instructions to regular employees.

Who needs to be included in an IT incident response plan?

  • IT Security: is likely to fix the issue. If an organisation does not have a dedicated security team, employees must be assigned to deal with a security crisis when it occurs.
  • Incident Team: who is going to co-ordinate the response? Who should be contacted following a breach and how are you going to reach them? Define an escalation point.
  • Legal-counsel: if, for example, customer credit card details are stolen, legal support may be necessary.

Who are your stakeholders?

There are a number of stakeholders that should be considered. For example, if customer data is stolen, the following stakeholders would need to be consulted:

  • C-level executives – businesses must consider when and how to consult their C-suite. For example, it may be necessary for the CEO to release a statement.
  • Media relations department – to ensure strategic messaging is in place when informing customers about the incident and handling inquiries from the press.
  • Customer services – need to be informed to prepare for incoming customer enquiries.
  • Employees – employees must be kept up to date throughout the process to ensure they are prepared for calls from customers and the press. Employees must be aware of when and how to escalate queries.
  • Customers – organisations are legally obliged to inform customers of a data breach. The ability to communicate with customers en masse in real time is important.

How to prepare communications in your response plan 

  • Assess:What is happening? What is the impact? Determine the likelihood, severity, and impact of the incident
  • Locate: Who is in harm’s way? Who can help? Identify resolvers, impacted personnel, and key stakeholders
  • Automate: Which team members need to act?
  • Communicate: What should employees do? Notify employees on what action to take and keep stakeholders informed

Power of cloud-based communications platforms

As cloud-based critical communications platforms are not reliant on one network, organisations that used the platform to send out an emergency notification are assured that the message will get to the right people. Most organisations rely on internal email to communicate in the event of a crisis, despite the fact that a cyber-attack might impact the email network. In doing so, organisations are exacerbating the issue and potentially providing hackers with critical company information.

By having a system that operates entirely independent of an internal communications network, organisations can ensure that the bilateral lines of communication between management and staff remain open—even in the event of a cyber-attack or IT outage that may compromise an internal network, or a rush of calls which may overload a telecommunications network.

By using cloud technology to automate the time-intensive emergency cascade process, resources can be deployed far more effectively and efficiently than before, ensuring that the safety of everyone involved is better protected. In doing so, communications technologies can not only help protect business assets but save the lives of employees. In an emergency organisations cannot waste time searching spread sheets and schedules to manually notify employees.

Multi-modal, two-way communication

Critical communications platforms are already deployed by businesses, local authorities and national governments around the world to warn and advise people in the event of a crisis. These incidents can range from sourcing a relevantly-skilled IT technician to repair a broken server, to engaging with the public during a terror threat. Central to the success of critical communications platforms are two key functions.  The first is the capability to deliver messages using a variety of different methods – this is known as multi-modal communications.  No communications channel can ever be 100% reliable 100% of the time, so multi-modality transforms the speed at which people receive the message.  Multi-modality facilitates communication via multiple communication devices and contact paths including email, SMS, VoIP calls, social media alerts and mobile app notifications, amongst many others.

Multi-modality ensures that it is easier to receive a message. Two-way communication makes it simpler to confirm a response. In a critical emergency every second counts, so organisations can use communications platforms to create and deliver bespoke templates that require a simple push of a button to respond to. In doing so, the level of response to critical notifications can increase significantly.

For instance, if a cyber-attack compromises an e-retailers website, every second costs the business money. An IT engineer must be located and available to help as fast as possible. Two way communications enables the business to send an alert to the IT team giving them the option to reply with “available and onsite”, “available and offsite” or “not available”. Organisations can build a clear picture of the incident and prepare for downtime if necessary.

Combined, multi-modality and two way communications transform critical communications from an incident alerting platform into a communications tool where organisations can respond smarter and faster. In situations where multi-modal communications and response templates are deployed together, response rates to messages increase from around 20% of recipients to more than 90%.

Conclusion

As technology continues to advance, cyber-attacks are on the rise and organisations need to have the tools in their armoury to be able to communicate and recover quickly in the event of a crisis. It is an organisation’s response to a cyber-attack that will determine the severity of its impact. Critical communications platforms can help businesses prepare for a breach to limit downtime and damage. Companies have a duty of care to keep customer information secure. Legal implications could be applied if responsibilities are not fulfilled. An efficient, well-practiced incident response plan can maintain brand reputation and ensure a business is not forever known for the number of customer bank details or thousands of pounds worth of revenue it lost.

By Nick Hawkins, Managing Director of Everbridge EMEA,


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/