When a cyber incident strikes, the big question on every executive’s mind is, “How bad is it?” Unfortunately, the immediate answer is often, “We don’t know.” Understanding the full scope and impact of a breach can take weeks, if not months, leaving security leaders under immense pressure to provide answers.
With regulators increasingly demanding transparency, Chief Information Security Officers (CISOs) face the daunting task of quickly identifying the extent of a breach, communicating the damage effectively, and mitigating the impact.
Be transparent, accurate, and confident
There must be a delicate balance between confidence and uncertainty when communicating the severity of a breach. While it’s important for an organisation’s CISO to appear composed, an appearance of overconfidence, and especially smugness, can backfire if the situation evolves rapidly.
Experts recommend communicating the uncertainty of the risk without letting the audience lose confidence in the security team’s ability to contain and manage it. Responses should be framed as an ongoing investigation with evolving findings, providing a range of potential impacts while emphasising the current best estimate.
Interestingly, senior executives are often less concerned with the technical details of a breach and more focused on the immediate consequences, when operations will return to normal, and what the financial implications will be. CISOs should communicate response and recovery information, as well as remediation efforts, in a clear, concise manner that even non-technical business leaders can understand.
Keeping pace with demanding stakeholders
It’s also important to update the senior leadership team frequently, even if there isn’t much new information to share. Frequent updates can help alleviate anxiety and maintain control over the intrusion or compromise narrative. A consistent flow of information will also ensure all leaders understand any risks posed, and avoid potential blame on the CISO in the case of an incident.
Building trust with the executive leadership team before a crisis strikes is essential, and CISOs can achieve this in a number of ways. One is to conduct regular cyberattack tabletop exercises. These exercises can help familiarise executives with the incident response process and the challenges involved. CISOs should also work to clarify roles and responsibilities by establishing clear lines of communication and decision-making authority before any attack takes place. Investing in telemetry and visibility is equally important: it ensures the organisation has the necessary tools in place to provide accurate and timely information about an incident.
Leveraging network visibility for proactive defence
In addition to detecting attacks, network visibility is crucial to implementing proactive defence strategies. By understanding attacker behaviour and identifying potential vulnerabilities, organisations can take steps to harden their networks and reduce their risk of being compromised.
Some examples of how network visibility can be used for proactive defence include:
- Identifying and patching vulnerabilities: Network traffic analysis can help identify vulnerable systems and applications. By patching these vulnerabilities promptly, organisations can reduce their attack surface.
- Enforcing security policies: Network visibility can help enforce security policies, such as restricting access to sensitive data or preventing unauthorised network connections.
- Detecting anomalies: By monitoring network traffic for unusual patterns, organisations can detect anomalies that may indicate a potential attack.
- Improving incident response: Network visibility can provide valuable information for incident response teams, helping them to contain and remediate attacks more effectively.
The future of cyber defence
Artificial intelligence (AI) and machine learning (ML) have become useful technologies for all types of businesses, but they are also abused by threat actors to bolster their own methods. As time goes on, attackers leveraging the power of AI will become more sophisticated in their operations, leaving organisations more susceptible to an incident.
CISOs must also explain the gravity of this threat to their organisations’ leadership and boards, ensuring the circumstances around an AI-powered attack, like ransomware, are understood by all parties. We’ve reached a point where attackers can have the upper hand in many cases, which is why it’s paramount to invest in the right tools to provide deep visibility into an organisation’s IT infrastructure and to be resilient against cyber risk.