CISOs And The Art Of Post-Breach Communication
Posted: Tuesday, Oct 08


When a cyber incident strikes, the big question on every executive’s mind is, “How bad is it?” Unfortunately, the immediate answer is often, “We don’t know.” Understanding the full scope and impact of a breach can take weeks, if not months, leaving security leaders under immense pressure to provide answers.

With regulators increasingly demanding transparency, Chief Information Security Officers (CISOs) face the daunting task of quickly identifying the extent of a breach, communicating the damage effectively, and mitigating the impact.

Be transparent, accurate, and confident

There must be a delicate balance between confidence and uncertainty when communicating the severity of a breach. While it’s important for an organisation’s CISO to appear composed, an appearance of overconfidence, and especially smugness, can backfire if the situation evolves rapidly.

Experts recommend communicating the uncertainty of the risk without letting the audience lose confidence in the security team’s ability to contain and manage it. Responses should be framed as an ongoing investigation with evolving findings, providing a range of potential impacts while emphasising the current best estimate.

Interestingly, senior executives are often less concerned with the technical details of a breach and more focused on the immediate consequences, when operations will return to normal, and what the financial implications will be. CISOs should communicate response and recovery information, as well as remediation efforts, in a clear, concise manner that even non-technical business leaders can understand.

Keeping pace with demanding stakeholders

It’s also important that there be frequent updates to the senior leadership team, even if there isn’t much new information to share. Frequent updates can help alleviate anxiety and maintain control over the intrusion or compromise narrative. A consistent flow of information will also ensure all leaders understand any risks posed, and reduces the likelihood that the CISO is singled out for blame when an incident occurs.

Building trust with the executive leadership team before a crisis strikes is essential, and CISOs can achieve this in a number of ways. One is to conduct regular cyberattack tabletop exercises. These exercises can help familiarise executives with the incident response process and the challenges involved. CISOs should also work to clarify roles and responsibilities by establishing clear lines of communication and decision-making authority before any attack takes place. Investing in telemetry and visibility is equally important. These capabilities ensure the organisation is able to provide accurate and timely information about an incident.

Leveraging network visibility for proactive defence

In addition to detecting attacks, network visibility is crucial to implementing proactive defence strategies. By understanding attacker behaviour and identifying potential vulnerabilities, organisations can take steps to harden their networks and reduce their risk of being compromised.

Some examples of how network visibility can be used for proactive defence include:

  • Identifying and patching vulnerabilities: Network traffic analysis can help identify vulnerable systems and applications. By patching these vulnerabilities promptly, organisations can reduce their attack surface.
  • Enforcing security policies: Network visibility can help enforce security policies, such as restricting access to sensitive data or preventing unauthorised network connections.
  • Detecting anomalies: By monitoring network traffic for unusual patterns, organisations can detect anomalies that may indicate a potential attack.
  • Improving incident response: Network visibility can provide valuable information for incident response teams, helping them to contain and remediate attacks more effectively.

The future of cyber defence

Artificial intelligence (AI) and machine learning (ML) have become useful technologies for all types of businesses, but they are also being abused by threat actors to bolster their own methods. As time goes on, attackers leveraging the power of AI will become more sophisticated in their operations, leaving organisations more susceptible to an incident.

CISOs must also explain the gravity of this threat to their organisations’ leadership and boards, ensuring the circumstances around an AI-powered attack, like ransomware, are understood by all parties. We’ve reached a point where attackers can have the upper hand in many cases, which is why it’s paramount that organisations invest in the right tools to provide deep visibility into their IT infrastructure and to remain resilient against cyber risk.

Mark Bowling
Mark Bowling is Chief Information Security and Risk Officer at ExtraHop, a leader in cloud-native network detection and response. He is responsible for implementing effective security, information security, and risk management frameworks to maximise growth opportunities for ExtraHop. Mark has previously spent more than two and a half decades investigating and combating cybercrime and nation-state attacks in leadership roles with the FBI and the US Department of Education, and protecting the US as a nuclear officer in the U.S. Navy, initially assigned to the submarine service. A highly accomplished security leader, he previously held the role of Director of Information Security and Compliance for the Washington Regional Medical System, the Virtual CISO for United Capital Financial Advisors, and the Director of Security and Compliance for Southwest Power Pool. He has spent several years as a consulting CISO for numerous organisations in the healthcare, electric utility, and financial services verticals.