Cybersecurity breaches challenge an entire enterprise and its stakeholders. Efforts to prepare for and recover from such events require a whole-of-enterprise approach. Not only can the lack of preparation and effective response shake confidence in the enterprise, but financial and reputational damage can be severe, even unrecoverable.
Perfect cybersecurity is practically impossible. Effective cybersecurity that allows an enterprise to maintain its business and mission while recovering affected operations can be achieved.
Cybersecurity incidents are likely to become public knowledge. Those organizations faced with the response to and the consequences of such incidents must account for themselves in public. The adoption of best practices is no longer optional.
Adoption of a whole-of-enterprise approach requires real work and coordination well before a cybersecurity breach occurs. That work pays dividends. Having such an approach in place can provide an enterprise with a matchless opportunity to recover swiftly, communicate clearly, and coordinate effectively. The enterprise can preserve vital information, sustain business and mission operations, and limit damage to, and perhaps enhance, an enterprise’s reputation.
Recent cybersecurity incidents at Sony, a German steel factory, Target, Anthem, and elsewhere highlight the need for better preparedness and a more coordinated response. The information technology environment in which we operate is dynamic. Threats change every day, as do the architectures on which we depend. Cyber-criminals and foreign intelligence services conduct constant reconnaissance against current and potential targets. They accrue “exquisite intelligence” regarding those targets and sometimes know more about a target’s network topology and administration than the target itself does.
Enterprises subject to cyber-attack and exploitation must become more self-aware. Every enterprise should know key information about its operations and recognize that adversaries certainly will do whatever possible to know the same information. Enterprises must regain—and keep—their information advantage.
Knowledge in five key areas must be gathered and constantly renewed:
1. Inventory of valuable information: What information would be most damaging if destroyed or compromised?
2. Network knowledge and chain of responsibility: How is our network formed, logically and topographically, and who has access to it?
3. Cybersecurity policy: Do we have a comprehensive policy and how is it applied and enforced?
4. Vulnerability assessment: Do we continually monitor for potential breaches and compare actual to expected network behavior?
5. Emergency planning: Are we prepared to gain the upper hand and sustain vital operations when a cybersecurity breach occurs?
In the event of a cyber-breach, stakeholders must know that the situation’s scope is being assessed and that the enterprise understands the stakes for itself and for them. The need for effective response that encompasses an enterprise’s operations and its reputation has never been greater, and it will only grow. Questions relating to privacy, financial impact, loss of intellectual property—and in the case of critical infrastructure, the public’s safety—will emerge and emerge swiftly. Strategic communication with stakeholders in a crisis environment requires crisis planning to sustain the confidence of those affected and to coordinate the response.
Today’s cybersecurity planning and response tends to be fragmented organizationally:
A fractured response results in inconsistent information and uncoordinated activity. Efforts to understand the nature, severity, and scope of an incident are overcome by the pace of public speculation regarding the incident. Such speculation may not be congruent with reality, but it may become the dominant narrative and come to define the organization in a way that causes lasting damage.
A whole-of-enterprise approach is essential to cybersecurity planning and response. It requires ownership by everyone. C-level and line-of-business leaders should convene periodically—with the explicit support of the chief executive officer—to build structured plans that define areas of responsibility and the coordination mechanisms for ensuring a consistent response. Because of their overarching responsibilities for an enterprise’s financial performance and reputation, CFOs and CCOs can play an important role in bringing together this executive team.
A coordinated response that reflects the development and sustained activities of a dedicated executive team allows for regained business and mission operations and restores the upper hand regarding an enterprise’s reputation. Information will be coordinated and consistent in reporting to regulators, board members, and other stakeholders.
Photo Gallary: Sketch Notes from CyberSci 2017