 |
| 5 rules for executives who respond to cyberattacks |
Today, Palo Alto Networks, a specialist in developing next-generation security solutions, is being reviewed by Haider Pasha, the first director and director of corporate information security in emerging markets. The measures that managers must take in the event of a threat or online attack are:
The first rule: assume administrative responsibility:
If a cyber attack threatens to delegate tasks to the IT team, this could pose a threat to the company, as many of the top CEOs of large companies are affected by these attacks, as there is not only a risk of cyber attacks on the Internet, but also of that. Internet. This also affects public work.
The second rule: everything is related to the company's communication strategy:
Faced with cyberattacks, no one is ready to ask this question in the media and answer difficult questions and inquiries from journalists and the public. Are they limited cyber attacks or are they part of a more targeted national / regional target? Can hackers use or penetrate the back doors that perform sabotage operations and operations?
Cyber attacks are very complex and it may take months or years to answer all of these questions. However, the right corporate communication strategy outlines how the public will handle this incident. What will you do and it will remain a secret or is it disclosed transparently? Or is it a dangerous approach that combines these two problems?
Although we cannot predict the success rate of clandestine events, there is sufficient evidence to prove this because the reputation of most large companies trying to hide and detect their cyber attacks has been severely damaged.
Rule No. 3: Use experience in cybersecurity:
Most companies use IT and security managers to handle electronic crises and attacks. However, have employees fully tested and tested cyber attacks from start to finish? Without adequate technical training and without an information security team that has never experienced any cyber crisis, it cannot be solved by one person. The following job experience should be used during a crisis or cyber attack:
- Cyber security and crisis expert.
- The developer of electronic security solutions.
- Dear Colleagues, Cybersecurity is a team sport.
- The prosecution.
Rule No. 4: Information on how to contain cyber attacks:
If you follow all the recommendations related to this crisis randomly, it may take several years to curb cyber attacks. Can IT officials be challenged to find a balance between controlling accidents, maintaining workflow, and avoiding panic?
Instead of doing everything at once, employees can choose a risk-based containment approach to solve major problems:
- What causes attack or infiltration?
- What sensitive data or information are affected?
- How can this attack be mitigated?
To understand how to reduce a threat, the first and second problems must be properly understood. Sometimes the attacker has to stay on a private network for a short time to determine his true motives. If the impulse is harmful and has serious consequences, then it should be done as soon as possible. Remove it from the network. Maybe.
Fifth rule: caution is better than regret:
How does a cyber attack affect companies in terms of reputation, legal, financial and technical implications? Did the attack cost you a lot of money because the server was not operational for the past 20 hours?
Estimate the total cost of cyberattacks, try to constantly influence operations without wasting time on important projects. In addition to conducting this analysis while facing the threat of cyber attacks from insurance companies, it helps you understand what you need to face cyber security challenges.
Addressing flexibility in cybersecurity:
Regardless of the work area, appropriate electronic scenario plans must be developed to deal with the worst cases, and the goal of developing electronic scenario management plans is to reduce the extent of damage caused by electronic attacks and attempts to protect network security. Well-designed business continuity planning in the event of an attack can save companies a lot of time and money.