How CISOs Can Master Cyber Attack Communications

The modern CISO's responsibility now extends far beyond technical leadership, particularly during cyber incidents, including the investigation of anomalies before an incident is formally declared. Effective crisis communication has long been a cornerstone of the role, crucial for maintaining organisational cohesion and stakeholder confidence.

In the wake of any incident, CISOs must balance transparency with strategic messaging, providing clear and timely updates that reassure, without overpromising.

The most important element of this communication is for organisations to have a formal, documented Crisis Communications Plan (CCP), which is critical for managing communications in all adverse circumstances. Any cyber security incident or breach will necessitate both internal and external communications: to internal stakeholders and, depending on the severity, to external customers, regulators and even law enforcement.

By mastering this delicate communication balance through the use of a formal CCP, CISOs can steer their organisations through the turbulent waters of a cyber crisis, ensuring that response efforts are complemented by effective stakeholder communication and management.

Managing Uncertainty With Confidence

When a cyber incident takes place, the first question from executives is usually: “How bad is it?” The reality is that the full scope of the attack may not be clear immediately, and the answer to this question can evolve over time. Early on during an incident, CISOs must communicate the uncertainty of the situation while also maintaining confidence that it will be rectified.

It’s important not to overstate what is known, but also to avoid conveying indecision or panic. Explaining that the investigation is ongoing, and that initial findings may change as more data becomes available, helps manage expectations.

It is also useful to have previously communicated to executive management and other internal stakeholders what the levels of concern may be. This should involve prior training where key terms such as ‘Event’, ‘Anomaly’, ‘Incident’, ‘Compromise’, and ‘Breach’ are already understood. Understanding the scope of any cyber event goes a long way towards understanding what needs to be communicated, and to whom.

Focusing On Operational Impact

In the aftermath of a cyber incident, C-suite executives and board members typically prioritise understanding the business implications rather than the technical details. Their primary concerns often revolve around regulatory compliance, operational continuity, financial impact and the integrity of mission-critical systems. Rather than focusing on the intricacies of the exploit or malware variant used, senior leadership seeks clarity on operational and financial impact, recovery timelines, and the extent of disruption to core business functions.

As such, CISOs must be adept at swiftly translating complex technical information into clear, business-centric insights that address these key stakeholder concerns.

Whereas the CCP governs communications to regulators, employees and customers, this level of communication exists solely to drive business decisions by executive management. This approach ensures that decision-makers have the relevant information needed to guide the organisation's response and recovery efforts effectively.

When communicating with senior leadership during a cyber incident, CISOs should prioritise delivering concise, actionable information focused on the technical systems affected by the cyber event and the consequential impact on business operations and customers. A well-structured update must include the status of critical services, the containment and eradication of any hostile presence inside corporate systems, the specific actions being taken to address vulnerabilities once the situation is resolved, and a planned timeline for system restoration. Taking this approach demonstrates how the corporate security department is actively managing the situation, making tangible progress, and aligning its efforts with business priorities.

By providing such targeted updates, CISOs can effectively reassure executive stakeholders and facilitate informed decision-making during both the organisational crisis response and communications.

Keeping Stakeholders Frequently Updated

A crucial component of clear communication by CISOs is the frequency of updates. Regular communication in all situations, perhaps every 30 minutes in the early stages, provides reassurance and keeps everyone aligned. These updates don’t need to contain definitive findings but should focus on progress, such as recovery efforts or confirmed impacts. This will help prevent internal or external speculation and keep the situation under control.

Regulatory Compliance & Reporting

In the UK, cyber incident reporting is governed by key regulations that mandate timely disclosure of significant breaches. The Network and Information Systems (NIS) Regulations require operators of essential services to report incidents that substantially impact service continuity. These reports must be submitted to the relevant competent authority without undue delay, and no later than 72 hours after becoming aware of the incident. In addition, the UK Data Protection Act imposes strict reporting obligations for personal data breaches. Organisations must notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a breach that risks individuals' rights and freedoms. If the breach poses a high risk to affected individuals, those individuals must also be informed without undue delay.

During a cyberattack, CISOs must quickly evaluate whether an incident necessitates regulatory reporting and work closely with general counsel, the Chief Compliance Officer, and if necessary, outside counsel. By leveraging advanced network telemetry and full packet capture, they can gather the detailed information needed to assess the incident's materiality, so that legal, security, and compliance can collaborate to meet reporting requirements while effectively managing the incident.

Building Trust Through Effective Crisis Communication

Crisis communication during a cyberattack requires transparency and confidence. By focusing on operational impacts and leveraging network visibility tools, CISOs can ensure that they provide accurate and meaningful updates to stakeholders.

With the right preparation, understanding of regulatory requirements and tools to assess the attack’s scope, CISOs are better positioned to manage the crisis and mitigate long-term risks.

Mark Bowling is Chief Risk, Security & Information Security Officer at ExtraHop
