With the risks posed by cyberattacks growing worse, nearly one-quarter of IT decision makers at large companies believe that their company will be hit with a cyberattack within the next three months. Are organizations doing enough to ensure that their next breach doesn’t become a business disaster? And is it fair to hold executives accountable when a security breach inevitably occurs?
Holding Feet to the Fire
Gartner predicts that by 2024, as many as 75% of CEOs could be held liable for data breaches if incidents occur due to a lack of security focus and spending. When security breaches and cyberattacks occur, especially due to a lack of security prioritization, business leaders need to take responsibility. After all, they’re the ones responsible for safeguarding and ensuring the well-being of customer, employee and other sensitive business data.
But just because a breach occurs doesn’t mean it has to have catastrophic business consequences – and it doesn’t necessarily indicate negligence. Breaches are a part of our dynamic, hyper-connected world today.
But in order to demonstrate responsibility and take accountability when security incidents do occur, business leaders should:
1. Report attacks and notify customers, employees and stakeholders of a breach in a timely manner.
The U.S. Chamber of Commerce explains that the sooner you can alert customers of a security breach, the sooner they can take steps to protect themselves from fraud. Additionally, it helps to give customers as much information as possible about the nature and extent of the breach (via a variety of communications channels) so they can make more informed business decisions.
Be mindful of evolving reporting requirements as well. For example, critical infrastructure organizations have 72 hours from the time they believe a cyber incident has occurred to report it to CISA. Timeframes and reporting requirements vary based on the size of the organization and sector.
2. Take rapid action to detect, contain and remediate the threat.
Work with security teams and other stakeholders across the organization to triage the breach and ensure that any initial access points are locked down – essentially making sure that the initial attack cannot spread from system to system, further compromise data or business processes, or impact even more customers and suppliers.
This is where preventative Zero Trust tools and technologies like Zero Trust Segmentation (ZTS), designed to limit the “blast radius” of an attack, can help. According to a series of emulated attacks, ZTS stops attacks from spreading in 10 minutes – nearly 4 times faster than detection and response capabilities alone. Consider where Zero Trust tools like ZTS can help your organization better prepare for and respond to cyberattacks.
3. Assess key takeaways and learnings from the breach.
Lastly, once the security breach is remediated, sit down with your executive team and the board to discuss what could have been done differently, and what could have been done better. Think about how your organization can better respond to breaches and communicate with customers the next time you’re attacked. Discuss how the breach occurred – was it just incidental or was it due to a lack of prioritization and preparedness?
Ask yourself: How could we have communicated the incident better? How could we have responded more effectively? How could we have tested our response plan more proactively?
While we know that breaches are bound to happen, not every security breach needs to have severe business consequences or put reputations at risk. At the end of the day, every organization is a software company today, which means that every organization is also a cybersecurity company. Business leaders must “assume breach” and consider the security of their customers, employees and business data as a top business priority – or risk reputational fallout.
But by being proactive and prepared for attacks to occur, and by communicating transparently and authentically when cyber incidents inevitably do happen, organizations and executives will be in a much better place to quickly resume business operations and maintain customer trust following an attack.