By Ric Opal, Principal and National Leader of IT Solutions and Strategic Partnerships at BDO Digital
From username, password, and credit card hacking to other forms of authentication attacks, Microsoft blocked, on average, 4,000 identity authentication threats every second in the past year. While organizations are focused on safeguarding their systems, people, and external stakeholders, the reality is that every organization will experience some form of breach. Your role is to minimize its impact and build long-term resilience.
Leading through a cyber incident with empathy and collaboration can not only help minimize its impact, but also instill confidence in your team and key stakeholders.
Lead with Empathy
It’s not uncommon for organizations to feel overly confident and think they are prepared for a breach. While they likely have procedures in place, they may not be well documented, tested, or honed. The cybersecurity technology to help identify and remediate a threat might be there, but it will prove ineffective if it’s not configured properly, or if teams aren’t adequately trained to use it. Without regular testing, your organization can’t respond quickly and effectively when it matters most.
As a cybersecurity leader, your most important mandate is to respond to any threat with empathy. Teams across your organization will inevitably stress over the situation, and there may be individuals — even members of your leadership team — who feel ill-equipped to implement a technical solution to a cyber incident. Strong leadership requires an empathetic approach to earn the confidence of stakeholders and avoid cascading stress throughout the organization.
In a crisis, leaders must have empathy with what their team is facing and how it’s potentially impacting the broader organization and its stakeholders. They can then channel this empathy to lead with strength. Leaders have an opportunity to be a voice of calm during an incident and exhibit perseverance throughout the event.
Identify Cyber Threats and Mobilize the Team
Preparedness is key to a quick and effective response to a cyber event. In moments of crisis, it is impossible to snap into response mode if there has been no mandate on planning and training.
All team members — from those involved in direct response to leadership teams and board members — should be aware of and well-versed in the organization’s incident response plan that will be followed during a security event.
While you may have avoided serious cyber incidents to date, your workplace cannot rest on the same systems and processes it’s had in place for years. Your systems — the combination of training and technology — may have been superseded over time, leaving you vulnerable and with a false sense of safety. As a leader, it’s important to be open to change and permeate that mindset across your team.
Typically, the weakest link during a breach is your people, not your technology. But as with all areas of a business, investing in your employees can turn them into your greatest strength and a critical line of cybersecurity defense. If your teams are well-practiced, they will be prepared to act reflexively. Following processes will become second nature. In turn, your organization will feel a greater sense of confidence.
Collaborate and Foster Organizational Resilience
Collaboration across departments, from legal to IT, and up and down the organizational chart, is essential to minimizing the harm of a cyber event and reaching a speedy resolution. Think of this level of collaboration like a surgery: our doctor doesn’t race you straight to the operating table; rather, a whole host of processes must run their course to make sure you receive the appropriate care, from bloodwork to imaging, consultations with specialists, and more. Similarly, an effective cyber incident response requires input beyond the IT department.
Accurate communication is key to the response of a cyber-attack as it unfolds. As a leader, avoid over-promising solutions, or setting deadlines for responses that are outside your control. Instead, to build stakeholder confidence and peace of mind, set targets for regular updates and always deliver on them.
In times of both crisis and not, transparency is critical. Be aware of what your team does know and, more importantly, what they don’t, and then connect with those best suited to provide a solution. The reality is that cyber threats are continually evolving in frequency and sophistication. To build resilience, you may need to embrace experts from outside your organization to help you through a cyber-event. These experts will not only be able to provide perspective to your response because they’re not emotionally tied to it, but they may also have access to different tools and experiences to pull from that will help you navigate a cyber incident more effectively.
When it comes to cyber-attacks, experience matters. It is important to keep in mind that even if your company hasn’t suffered a cyber-attack, it is almost a statistical certainty that another organization in your network has. A strong leader will seek out and learn from their peers on best practices to respond to similar cyber incidents.
Minimize the Pain
Given the scale and prevalence of cyber-attacks, it is virtually impossible to completely avoid and eliminate them — but that doesn’t mean your business can’t prepare. As a leader, your job is to minimize the impact of a cyber event. You are the driving force of returning your business to a normal operating state, as quickly as possible and evaluating and learning from the event. It’s important to reflect on what happened and why. The inevitable cyber-attack is a teaching moment to shore up your organization’s cybersecurity.
As the saying goes, “Practice makes perfect,” but I had a coach who liked to say, “Perfect practice makes perfect” — and that’s why you develop an incident response plan and conduct test exercises for everyone in the organization. Then, when you face a breach, it’s game time, not practice.
Ric Opal is the segment leader of Cloud Security and Infrastructure at BDO Digital and oversees the company’s IT Solutions Group and strategic partnership executive relationships. His commitment to instilling customer satisfaction as a core value for the organization is exemplified by his continued effort to identify new opportunities that drive real value to the customers through the careful alignment of the right people, processes, and technology.
