Virtualization Technology News and Information
Why incident response is not limited to IT security matters

By Alexander Moiseev, Chief Business Officer at Kaspersky

Almost half (46%) of enterprises worldwide experienced at least one data breach in 2018, with victims including well-known names such as Marriott International and British Airways. Given this statistic, it is likely that many enterprises will fall victim to an incident, and companies should focus on preventing breaches as well as on preparing ways to limit the impact when one happens.

This may require a combination of buying additional security solutions to detect an attack at an early stage, hiring new incident responders or training the existing team to react to an incident more efficiently. However, is your job really done after you identify the root cause of the breach and resolve technical issues? To answer this, let's look at how data breaches affect an enterprise from a financial point of view.    

IT damage costs are just the tip of the iceberg

Data breaches cost organizations an average of $1.23 million in 2018. A tenth ($131k) of this sum is related to lost business, which can be caused by downtime in business operations. However, even when IT security teams bring all the processes and systems back on track, there is no guarantee that the business will prosper as it did before the incident.

A survey revealed that 83% of American and 58% of Canadian consumers will stop spending with a business for several months if they know that it experienced a data breach. Moreover, some of them claim that they will never shop again with such brands. The incident will spread via word of mouth, as proven by 85% of customers saying they will tell others if their personal information is stolen as a result of a data breach.

Given how much data breaches affect customer loyalty, it comes as no surprise that companies typically have to spend 11% of the average breach-related cost on additional PR activities aimed at mitigating negative perception after the attack.

How to stop a cyber incident becoming a PR disaster

The aftermath of a data breach goes beyond IT security, making the response to it a business-wide matter. In our survey of more than 300 CISOs worldwide, almost all agree (97%) or strongly agree (47%) that they have participants from all key departments including IT, legal, HR, customer support, sales and corporate communications involved when responding to a security incident.

Although IT security leaders understand the importance of cooperation across different departments when responding to an incident, companies still fail to deliver an adequate response, often because they don't know how to handle crisis communication specifically related to an IT security incident.

The key to effective crisis management is to be prepared. Companies should know in advance how to communicate about the dangerous situations they are likely to face because of their business risks. As the statistics imply, cybersecurity incidents should also be included in this; however, a single plan to address any cybersecurity issue will not work. The possible impact on a company's reputation depends on what kind of incident it experienced - whether it was an APT, which allowed cybercriminals to spy on its activities, or ransomware, which paralyzed the business. Instead, a crisis communication plan should take into account the company's threat model and cover the likeliest scenarios.

When a company discloses an incident, another mistake is to draft a generic statement that does not provide any information on what exactly happened, how it affects its customers and partners and how the problem is being solved. The lack of details creates a breeding ground for speculation, which results in even bigger reputational losses. Therefore, to write an informative statement, corporate communications need to find out details from stakeholders.

A timely and coordinated response to an incident depends on how well internal communication processes are established. Effective means of communication allow employees to be always-on and stay updated on the situation, which is essential during a crisis. In the case of cyber-incidents, communication channels such as email, IP telephony, direct messages and phone or video calls usually pose a challenge, as they may be compromised by hackers. So as not to cause another breach when discussing a statement, a company must have operational security measures in place when preparing to disclose an incident. These measures protect the business from sensitive information leaking, whether because attackers still persist in the network or through careless or malicious employees.

But how can one communicate without means of communication? In this situation, involved employees should use encrypted channels. Nonetheless, non-IT staff may not know much about encrypted messaging applications, so they will have to spend their precious time installing them - or explaining to an IT administrator why they need something besides already approved means of communication. 


About the Author

Alexander Moiseev 

Alexander Moiseev is the Chief Business Officer of Kaspersky Lab, responsible for sales strategy and marketing globally. Prior to this role, Alexander was Kaspersky Lab's Chief Sales Officer, where he led global sales and new business development.

Having joined Kaspersky Lab in 2006 as Business Development Manager for Italy and Israel, it took only two years for Alexander to be promoted to Managing Director of Kaspersky Lab Italy and Mediterranean.

In 2014, Alexander was appointed Managing Director of Kaspersky Lab Europe, taking responsibility for its operations, and ensuring the commercial success of the company's many products, solutions and services within the region.

Since 2011, he has worked concurrently as Head of Kaspersky Lab's Global Partnerships and Sponsorships team, developing the company's global sponsorship projects - the biggest of which is the partnership with Scuderia Ferrari. He is also one of the driving forces behind the company's technology and innovation investments in transportation systems cybersecurity.

Alexander graduated from Moscow State University with a degree in engineering with mathematics and cybernetics.

Published Friday, November 15, 2019 11:06 AM by David Marshall