How to React After A Security Breach Leak
Without proper protection, security incidents can happen at any time and strike businesses indiscriminately. Don't wait until your vulnerability is exposed in the media to think about cybersecurity. The consequences can be disastrous! But if it were to happen, would you be prepared? Would you know where to start?
A security breach puts all your company's operations at serious risk! Your clients’ confidential data is scattered all over the Internet. Journalists start spamming you. You are facing a real crisis!
It is also every IT director's and cybersecurity manager’s worst nightmare. Your organization looks vulnerable and defenseless. This is bad for business!
Through our service Cybersecurity Respond, Streamscan is often called to the rescue of organizations dealing with a cybersecurity incident that is already in the headlines. From our many experiences in crisis situations, we have identified a series of actions that every organization should follow if it is ever faced with this reality.
Accept the situation
The worst has already happened. You had no control over the news release of your cybersecurity incident. Journalists are doing their job and you are now THE scandal on every channel. Forget about trying to contain this outbreak; you need to focus your energy on your contingency plan. The survival of your business rests on the next critical 48 hours.
Where to start?
As soon as you become aware of the publication, you must immediately designate a spokesperson who will be the only individual authorized to speak with the press and the public. You can choose an internal staff member from your communications department or mandate an external expert specialized in crisis communication.
Take back control
Public opinion is based on media coverage, especially if it is the only source of information so far. If reporters write that your organization was infected by ransomware or that Russia attacked you, the public will believe them. However, reporters can get it wrong!
The best example comes from one of our interventions, in which Streamscan was called in urgently by an organization that was the victim of a cyber incident and was caught in a media storm. At the time, the press was reporting that the private data of 300,000 clients had been affected by the incident. However, our experts proved otherwise! Our investigation showed that only 300 accounts were actually affected. Thanks to our professional intervention, the business that hired us was able to correct the numbers with its clients and the public.
Communicate with the outside world!
If journalists can't reach you, you will be strongly and publicly criticized. A lack of transparency on your part will only increase public suspicion and distrust. It will be interpreted as a sign that you are running away from your responsibilities, that the damage is far worse than reported and that you have lost control of the situation. In addition, your organization will suffer!
Show the press that you are available and that you take the event seriously. If you haven’t already appointed a spokesperson, do so as soon as possible. This person should write to the various news organizations with their personal contact information, and should project a strong image of the company!
Don't forget your employees
Internal communication is equally important. Your employees should be alerted before the general public. Don't leave them to deduce what’s happening from what they can see around them. You must communicate within your organization and establish information-sharing policies.
What can you share?
When the incident has just happened, it is difficult to know everything at once. Details can change as the situation evolves. So, what can you say?
While you await the final verdict, mention the small and big successes and achievements without oversharing. Stick to the necessary information and avoid getting too technical. Show that you have activated the action-reaction mode! A good initiative would be to create a web page where Internet users can follow the evolution of your incident management live. This is what Kaseya did during the ransomware case that occurred in July 2021. Soon the communication will be rebalanced and you'll be back on top of the information. This is what the public needs to restore its confidence in you.
S.O.S. Where do you find help?
If you don't have the tools or experts available internally, do not try to improvise. The media will happily report every stumble in your incident response. You can’t afford any mistakes; the public won’t forgive you.
A good start is to alert the appropriate authorities to your current situation. The RCMP (GRC) or the Canadian Center of Cybersecurity and Telecommunication will be able to refer you to more resources, such as Streamscan!
At the end of the day, you must remember that bad management of your cybersecurity incident is more harmful to your organization and will damage your profits considerably. Seeking extra help from cybersecurity firms such as Streamscan will allow you to regain control over your data and operations more rapidly. We have the expertise, the specialized team and the finest technology on the market to intervene quickly and effectively in a cybersecurity case. Most importantly, you get the help you deserve!