arnoldkwong7

Woulda, coulda, shoulda, Got To

Action today: If you don’t have one, create a one-page list of actions and responsibilities for an incident. If you already have a process, update it frequently.


In a cyber/hacking/breach occurrence:

1) People (and thus their enterprises) may not be sure they’ve been ‘hacked’

2) What has been ‘taken’ (compromised, leaked, etc.) is uncertain

3) How it happened (phishing email, business partner, unhappy worker, criminals) isn’t known

4) What else could happen isn’t known

5) Whether it is still going on isn’t known


These are NOT random issues. A Fortune 50 CEO’s career ended quickly when a business partner’s slip let criminals into the enterprise network and compromised consumers’ credit data. A technical staff member or manager is a small scapegoat with those stakes. (See the Cyber Incident Reporting for Critical Infrastructure Act of 2022.) Legal and regulatory rules – some with possible criminal penalties – apply to failing to disclose incidents to regulators or legal authorities.


Key facts to remember:

A) Certainty on who, what, when, and how the incident occurred will likely be absent – and may not matter.


B) Picking a scapegoat and assigning blame won’t help clean up the incident


C) The incident will certainly cost more management attention, resources, and brand value than your worst-case expectation


D) The public, authorities, and regulators have very little sympathy or regard for your ‘sensibilities’ in an incident


E) Some damage may be irreparable (like leaked design plans for parts loose on the Internet)


Read our previous blog posts and more at www.ekalore.com/blog-1 if you’re interested in the posts that preceded this one.
