Cyber War Games Provide Key Lessons About How Companies Should Respond to a Data Breach
A recent article in Dark Reading, Cyber War Games: Top 3 Lessons Learned About Incident Response, provides an overview of Deloitte Cyber Risk Service’s staging of executive war games to show what might happen in the C-Suite after a data breach. The point of the exercise is to “stress test” companies’ incident response plans and identify the strengths and weaknesses of their communications, protocols, and cyber disaster preparedness.
Mary Galligan, director of Deloitte & Touche LLP Cyber Risk Services, stressed: “Without that discipline, there might be no business to return to once the crisis has passed.” Here are some of the key takeaways:
- Designate a Crisis Officer – You need someone to direct the response decisions. This might not necessarily be the CEO.
- Be Skeptical About The Information You’re Receiving – Information and intelligence surrounding the breach will constantly be changing.
- Resist Finger Pointing in Any Direction at the Outset – It’s important to keep an objective position until all the facts are clear.
Other lessons learned include:
- You’ll never have enough time – Even the most seasoned executives aren’t usually equipped to handle data breach incidents.
- Bring in help – Identify the key areas of crisis where third-party assistance will be valuable.
- Don’t forget about your employees – While it’s important to keep the media, regulators, and customers in mind, you also need to ensure clear communication with employees about the incident.
- Don’t just do this once – Practice makes perfect.
You can read the full article on Dark Reading.com.