As the world was enjoying the sights, sounds, and spectacle of the opening ceremonies of the 2018 Olympic Winter Games in Pyeongchang, South Korea, last week, some sinister forces were quietly working behind the scenes to implement a cyber attack that took down television and Internet access at the games. As was reported, “the attack first caused internet protocol TVs to malfunction at the main press center. When organizers responded by shutting down servers to prevent more damage, it took down the Winter Olympics website. With the site down, attendees who had purchased reservations were unable to print their tickets. The Wi-Fi also went down in the PyeongChang Olympic stadium. It took about 12 hours before the website and other non-critical systems were fully restored.”
While the damage was quickly contained and fixed, the event served as an important reminder that cyber-attacks can, and will, happen anywhere and everywhere. For enterprise leaders, it further makes it clear that cyber-attack planning should not just focus on if an attack will happen, but when it will happen. And it’s not just CIO’s that are worried. According to the Wall Street Journal, chief information security officers (CISOs) report that they are vastly underequipped to deal with cyberattacks. With stakes as high as $100,000 per hour for infrastructure failure in the Fortune 1000, your company can’t afford not to be prepared.
Just as important as ensuring that safeguards are in place to prevent cyber attacks is to have a plan of response for when and if one occurs. Business leaders that proactively plan on how to respond and repair a cyber-attack are best positioned to lessen the damage caused, whether it be productivity, security, or PR damage. And once a plan is in place and roles and responsibilities are assigned within an organization, it is equally important to test the plan and procedures.
Here are some other steps business leaders should think about adopting when responding to a cyber-attack.
- Alert your team. Right from the start, it’s crucial for the right executives to be informed of the situation. As CIO, you could be the go-to in your firm’s security strategy, which means that as soon as security is compromised, all eyes will be on you. As a first step—if you haven’t done so already (see our recent interview, “Palo Alto Networks CMO René Bonvanie on Crisis Management,” about why you should be prepared)—create the list of executives that need to be alerted. Cyber-attacks hit hard, so you’ll need a companywide strategy to respond.
- Notify customers. If the cyber-attack involved customer information, work with your sales, security, and legal teams to craft written communications that inform those involved about the relevant information to put their concerns at ease. Recognize that the language used and speed of response will be scrutinized, so taking an honest and confident tone will help regain trust with your customer base. Painful as it might be, being transparent and upfront is critical.
- Call in the experts. If the source of the breach is not easily identified, you might think about calling in a forensic team. They can be knowledgeable about the latest tactics used by hackers and will likely be able to identify the issue more quickly than your internal team. In some cases, multiple teams can be brought in to work together. Once the source of the hack is identified, they can offer guidance on points of weakness and suggest what can be done to prevent future incidents.
- Prepare information for your communications team. Your communications teams will likely be reviewing the situation to understand exactly what statements need to made to the media (and depending on your industry, HIPPA, SEC, and FINRA, as well as any state organizations). As CIO, the best thing you can do is prepare a statement detailing the technicalities—exactly what was the breach, why did it take place, is it contained, and, most important, how you are responding.
- Evaluate and plan ahead. Once the dust settles, it’s important to evaluate your responses and actions across all roles and responsibilities. If you had a plan in place, how did it work? What can be improved on? What were the pain points? And if you were caught off guard, realize that now is the time to create a thorough incident-response plan built on the lessons learned. Not only is this a time to be internally reflective, but it’s also important to understand how your customers think you handled the situation. Asking for feedback also shows you are mindful that their business is important and that you are working to prevent any future incidents.
Today, all organizations—as evidenced by the recent Olympics attack—are susceptible to damaging cyber breaches. Preventative technology measures and safeguards are the first line of defense against an attack, but business leaders need to be prepared with a response action plan. Your response could mean the difference between a bronze medal and last place.