#Infosec2024: Cyber Resilience Means Being Willing to Learn From a Crisis
Most CISOs now plan on the basis that a cyber-attack or data breach will happen, but there is still work to do if organizations are to survive a crisis and recover, warned industry experts.
Effective cyber crisis management is a key part of resilience. According to a panel of CISOs and cyber experts at Infosecurity Europe, security leaders need to develop, update and above all rehearse their crisis management plans.
These plans aren’t just technical in nature: they need to cover command-and-control, communications, and even the wellbeing of the teams responding to the incident. High-profile cyber-incidents, including ransomware, as well as the global pandemic, have forced boards to pay more attention to both resilience and recovery.
“We now talk in the language of when not if,” said Paul Watts, distinguished analyst and vCISO at the Information Security Forum. “The reality is, it happens to everybody.”
Effective incident response plans, however, need to be clear, comprehensive and communicated to all stakeholders. Plans also need to be practiced, or as the panel put it, “exercised.”
“The reaction of the company really does depend on maturity and how well exercised people are,” said Jennifer McGhee, CISO at Element Materials Technology.
Cyber professionals have a “very solid understanding” of what needs to happen during an incident.
“But that’s not necessarily intuitive to people working in the business or intuitive to a board that haven’t been in that position before. It is our job as cyber leaders to communicate that to the business, to communicate it to the board so that people are expecting it,” McGhee explained.
Leave it to the Pros
One of the hardest parts of crisis response can be convincing senior leaders, and the board, to step back and let the experts handle the situation. This requires a good plan, but also a good relationship with the business and effective communication before a crisis hits.
“One of the hardest things I’ve had to do, when I worked at a previous company, was tell my CEO not to do anything and to sit on his hands,” said Stuart Seymour, group CISO and CSO at Virgin Media o2.
“Senior leaders, when they see something on fire, want to put their cape on and fly in to save the day themselves,” he said.
An effective strategy, and one Seymour followed when he arrived at Virgin Media o2, was to meet all the senior executives “in peacetime.” That way, the relationships and communications channels were there before a crisis hit.