If we do an analysis of 2020, we find two cases that are worth highlighting as good practices:
– Tesla: An employee notified management of a bribery attempt to enter malicious code on the corporate network. It resulted in a complaint to the authorities, with which the alleged hacker was investigated and caught, which is why the attack was avoided.
– Finastra: the London-based Fintech was the victim of rasomware. The attacker mistakenly triggered an alert on the servers, which resulted in a quick response from the company to stop the attack and not pay the requested ransom, taking care of its business and customer data.
The common denominator in these examples is the culture of protection on the part of the employees, coupled with the rapid response of the management and technology teams. In addition, the communication team that took advantage of this situation to reaffirm the trust of consumers as serious organizations that defend their interests.
However, during the past year we had multiple cases of attacks on sectors such as: government, social platforms, services, pharmaceuticals, a segment that is in the center of the spotlight for the COVID-19 vaccine, among others, since basically any Industry connected to the network is a potential victim of an attack, regardless of whether it is a corporate, a small and medium-sized company (SME) or a start-up.
In this sense, a digital crisis committee must be generated, which must be made up of an external analyst to transmit transparency, the digital security leader, together with the legal team to be able to measure the impact of the breach, what implications it had and recommend actions.
It must be added to the corporate communication leader in order to strengthen the link that exists with the media and key stakeholders, in addition to providing the necessary support and guidance to the company’s spokesperson when making statements. All this, while the reputational impact is measured in real time, while the corresponding plan is executed.
On the one hand, we must bear in mind that the more valuable the brand, the greater the risk exposure. This is because cybercriminals are also looking to run their business profitably. And on the other hand, the working model that we will have from now on will be remote or hybrid, which increases the danger of corporate and personal data. All in the context of the Internet of Things (IoT) that increases the access points as many devices have connected to the Internet.