67% of cybersecurity crisis detection is not by internal systems. Typically employees, customers or business partners discover it and report it to the security team. In an ideal scenario, this sets in motion a proven, tested protocol across the key security stakeholder groups. When communication and collaboration are lacking, panic and chaos often ensues making a bad situation even worse.
When very clear protocols are put in place across the different groups and they have received training and understand the hierarchy of threats (e.g., when it’s disclosed to the legal team that this is a level 2 breach they will fully understand the implications), each internal team will then know what protocols to launch, who to involve, the internal escalation path and clearly understand their roles and responsibilities to assist in eradication and recovery following an incident.
Follow a best practice approach for effective communication and collaboration in the event of a breach with these steps:
- Establish the common methodology you will use and clearly define roles and responsibilities
- Ensure you are communicating using a common vernacular, taxonomy(ies) and template message(s)
- Account for tooling of key systems that enable communication
- Organize data and response with automated tools
Our best practice guide to preparing for a cybersecurity event details all the steps to help ensure a positive business outcome.