7 Steps for Cyber Crisis Management

Traceability and Technology

April 7, 2017

By Lisa Lupo

Data breaches have become so much a part of the “new normal” that cybersecurity has been listed by Law 360 as one of the top five “hot” practice areas in 2017 for law firms, said Commcore Consulting Group President/CEO Andy Gilman.

While there are a number of steps one can take to help thwart a breach, there is only one absolute method of prevention, Gilman said, citing Gene Spafford, Purdue University CERIAS Executive Director Emeritus: “‘The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards.’”

As such, it is critical that a food facility have a crisis management plan in place. And just as for a recall plan, an effective cybersecurity defense strategy requires collaboration among multiple disciplines, Gilman said.

To enable this, Gilman, in coordination with Southern California Edison Attorney Robert Kang, developed seven key steps that facilities should follow for cyber crisis management:

1. Have a plan. A breach within the organization or anywhere along the supply chain can easily become a crisis if it is not handled quickly and properly. Just as a recall plan should ask “What happens if ...” — filling in the blank with the potential issues, the cybersecurity plan should have “What if” questions. But, Gilman said, if it’s a cyber issue, the first person to talk to is someone in your information technology (IT) department.

2. Develop relationships with IT and other departments. Build your relationship with those who handle your IT needs before there is a crisis, so you’re not spending time doing so when a crisis hits. This is important whether you have an internal department or external service provider.

3. Coordinate different emergency and crisis plans. Working with your various departments and providers, create plans that can be put in place quickly in the event of a breach. For example, you will need to be in sync with human resources to ensure the manpower can be put in place; finance in case money needs to be spent quickly; marketing communications or investor relations for public announcements or comments that may be required; etc.

4. Write and update pre-approved templates for media and stakeholder response. Have a fill-in-the-blank set of forms. Again, the more quickly you can respond, the better you can contain a crisis.

5. Conduct drills to test the plan and build teamwork. Much like mock recalls or fire drills, running a drill on your crisis-response and communication plan will enable you to test it for holes or efficacy. This also will help in the building of relationships among the team members who will be needed for implementation.

6. Have law enforcement on speed dial. Cyber-attacks are crimes. Not only should an attack be reported as such, but doing so could help investigators in discovering a pattern leading to the arrest of the perpetrator(s).

7. Practice the “3 F Rule”: Fast, Flexible, Factual.

  • Fast. In a medical crisis, the “golden hour” refers to the first hour after a traumatic injury when there is the best chance of survival if basic medical treatment is received, after which more critical decisions and in-depth treatment can be made. Similarly, the faster one acts in a cyber crisis, the more chance there is of brand survival, although Gilman recommends companies think of it as a “golden 15 minutes,” rather than an hour.
  • Flexible. While it is critical to be able to make quick decisions, it is just as important to be open to changing direction or actions based on new information that is attained.
  • Factual. While the preparation stages included questions of “What happens if ...,” it is now time to focus on the facts. Make decisions based on facts you know; don’t address hypotheticals of things that may or may not happen.

“There are two kinds of companies: those who have been hacked and know it and those who have been hacked and don’t know it,” Gilman said. “It is just another risk factor that you have to manage.”