Cyberattacks threaten all of us. White House officials confirmed in March 2014 that federal agents told more than 3,000 U.S. companies that their IT deployments had been hacked, according to The Washington Post. Meanwhile, Bloomberg reports that the Securities and Exchange Commission (SEC) is looking into the constant threats of cyberattacks against stock exchanges, brokerages and other Wall Street firms.
These attacks are going to happen, no matter what you do. Here, then, are four strategies to help you deal with cyberattacks and the threats they pose.
1. Have a Cyberattack Disclosure Plan
Many industries are regulated by state, local and federal governments and have specific rules about what must be disclosed to consumers during a cyberattack. This is especially true of the healthcare and financial verticals, where sensitive customer information is involved.
Sometimes in the wake of an attack, though, or even while an attack is still happening, the evolving situation can be murky enough that disclosure rules get broken -- or, at the very least, the disclosure process is delayed or confused. For that reason, it's important to plan ahead and develop an action framework for when events that trigger a disclosure response occur.
Here are some considerations:
Understand the applicable regulatory framework. For publicly traded companies, the SEC generally has disclosure guidelines and timeframes. For financial institutions, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) handle this on the federal side. State regulations vary.
Engage your communications team. These employees are professionals who have developed relationships with media and other external stakeholders. They can help you control the messaging and disclosures that you're required to make, as well as advise on the timing and breadth of those statements.
Coordinate with the required departments. Most CIOs coordinate with the individual IT teams responsible for the area under attack, as well as with outside contractors and vendors helping with the mitigation and recovery and with applicable government agencies, to keep the disclosure plan on track. Identify key personnel ahead of time, and make sure everyone knows their roles and the next actions needed to carry out disclosure plans.
2. Understand What Targets Cybercriminals Value
The real question about cyberattacks isn't when they occur. Attackers constantly invent new ways to do everything, connectivity to the Internet is becoming more pervasive, and it's easier and cheaper than ever to acquire a botnet to do your bidding if you are a malfeasant. Cyberattacks will happen to you -- tonight, next week, next month or next year.
The real question about cyberattacks is where they will occur. Traditional attacks have gone after most of the low-hanging fruit, such as payment information (witness the recent Target breach), or have simply aimed to wreak general havoc, as with the Syrian Electronic Army's distributed denial of service (DDoS) attacks. Many attacks have been motivated by political or moral issues, or they've been relatively simple attempts to harvest payment information to carry out low-level fraud.