This week at Infosecurity Europe, more than in any other year, the conversation topics around cyber were broad.†
In previous years, the focus has been on new solutions, a particular strain of malware or a recent data breach; this year political hacks were the topic of interest.† Not least because it was also the week of the UKís Ďsnapí election.
With cybersecurity now a political concern, the issue has a higher profile than ever.† In reality, perhaps itís not a case of Ďwinningí the cybersecurity war but adapting to a new cybersecurity front.
Just like any other warfare, the tools and tactics evolve.† Cybersecurity is no different and in the last year Ė when some of the hardest fought political campaigns have taken place Ė nation states have realised how valuable data can be; particularly when taken hostage.†
Whether itís a ransomware attack that demands payment to return data control back to its owner, such as WannaCry, or propaganda and reputational damage done from leaked emails, in the case of the DNC hack, cyber criminals and their backers present a serious challenge to political stability.†
That companies need to take advantage of technology solutions to help them address their security challenges is self-evident but, to my mind, companies also need to put more time into planning what and how they would communicate - internally and externally - in the event of a cyber-attack.† All too often, when a breach happens, companies donít have a communication plan ready that they can put into immediate action. This is essential when the companyís reputation is at stake.†
As with all PR, the answer is in understanding your audience. With this in mind, my three tips for communicating in the event of a cyber-attack are:
- Say what you know - too many companies comment on what they donít yet know and this can result in misinformation over the size and impact of a breach
- Say it quickly - putting the customer first is absolutely paramount and this is why it is vital that communication happens fast, no matter how brief. If information is still emerging, companies can update customers but in the meantime, the end user will be wise to anything suspicious
- Give good advice - ensuring customers are empowered with knowledge to act in a security savvy manner helps at all times and could decrease the chances of them being impacted as a result of a security breach. Password changes, deploying two factor authentication and being able to spot a phishing email are relatively simple things that anyone can do at any time to help keep themselves secure.
At Infosecurity Europe this year, the commitment to combating cybercrime was clearly strong, but that isnít to say the cybersecurity war doesnít rage on.