Following is an excerpt from my recently published position paper “The Forgotten Fear Factor: Communicating During a Hack Attack”:
It’s not like the impact from an industrial accident or a hurricane. When your business is hit with a cyberattack, you may not learn about it for months. And that’s if your tech team is on the ball.
Cybercrime is now a big business. Life was easier when it was just unshaven, smelly guys subsisting on Cheetos and Peanut M&Ms, living in their parents’ basements. These days you’re in for a business-to-business brawl or, even more dangerous, a sophisticated attack launched by a foreign government.
Today’s executives dread cybercrime, with many viewing it as the number one threat to the business. The odds are strong that you are going to be affected at some point, by either an external or internal hack.
You have a plethora of resources at your disposal that cover certain aspects of batting back a hack attack—insurance that covers some of the damages, guidance from federal authorities as to your legal reporting requirements, and an ever-growing population of companies eager to (allegedly) protect you.
The hard truth is, however, few if any of those resources are capable of walking you through what it takes to communicate when hackers worm their way into your systems. “The Forgotten Fear Factor” examines that essential yet oft-ignored facet—managing the communications component of the crisis, for how you communicate with your stakeholders in the near- and long-term could spell the difference between survival and chronic struggle.
Your business is going to experience a cyberattack. It may occur today, tomorrow, or several months from now. Are you a doubter? Try these examples on for size:
- A health insurer that loses track of confidential policyholder data.
- A retail outlet that suffers theft of customer credit card records.
- An online small business that is forced to devote massive resources and months to overcoming a nefarious hacker.
- A medical device manufacturer whose products—and more important, patient safety—are compromised.
- The internal threat, in which one of your workers sells access to your data for a few thousand dollars.
- Another internal threat where the hacker gives one of your workers a thumb drive (and a bounty) to inject malware into your system.
- A problem your chief risk officer never saw coming.
- You discover you’ve been victimized by ransomware, a situation in which black hats put a “time bomb” in your system that activates after your backups are too old to do any good. Do you want the solution? Pay the blackmail to the not-so-nice man.
What cybersecurity dilemmas have you confronted? How have you dealt with them from a communications standpoint?