Video: 10 Minute IT Jam - An update from Trustwave
Organisations are facing rising threats from cyber attacks, and the difference between weathering a crisis and facing disaster often comes down to preparation. This was the stark message from Craig Searle, Director of Consulting and Professional Services for the Pacific at Trustwave, as he spoke about the vital importance of crisis communication and management in today's digital landscape.
Trustwave boasts a world-leading team of security consultants, threat hunters, and researchers, all working to protect clients from the damaging impact of cyber crime. But as digital threats multiply in scale and sophistication, the challenge is less about whether an incident will occur, and more about how an organisation will handle it when it does.
"The biggest thing that we're seeing in the market is that organisations that are well organised and well prepared tend to experience incidents, crisis or even a minor incident, with much less impact than organisations that have either not ever stress tested their crisis management regime or they haven't really given it ample consideration," Searle explained.
He drew a parallel with elite sports, saying, "You wouldn't expect the Matildas to run onto the field without having done any training. In the same way, you wouldn't expect a crisis management team to enact a crisis management playbook during a time of high stress and demand without at least having walked through it and understood what are the weak points, what works well, what doesn't, and making sure that in times of extreme stress they can be relied on to make the right decisions at the right times."
From Trustwave's position as a leader in digital security, Searle and his team have a front-row seat to the common missteps that occur in crisis simulations. According to him, three major issues crop up repeatedly, with the first being a lack of clarity about who is empowered to make decisions – and what happens if they are unavailable.
"Delegations of authority and decision chains" often become muddled, he said. "If those two people (entrusted with decision-making) are not available, it becomes very murky very quickly, and decision making becomes really problematic and bogged down."
The second issue relates to whether people actually feel willing and able to use those delegations of authority. Sometimes, Searle warned, even if the protocols are in place, "the executives in charge will be unwilling to make that decision because they're not sure if they actually do have that level of delegation. So, it's really important to make sure that people understand how far the delegations of authority go and that they are willing to actually exercise that power."
Thirdly, communication breakdowns between teams can cripple crisis response. "We do see that organisations have challenges when they're handing off information between teams... and at times organisations that are heavily siloed during crisis response tend to have slower, less effective responses." During a real emergency, the crisis management team must operate as "a single cohesive unit," Searle said, even if day-to-day business is more fragmented or compartmentalised.
In the pressure cooker environment of a cyber attack, a poorly defined decision-making chain can be catastrophic. Searle detailed, "The biggest one is just lack of speed. So it's unclear as to who is making what decision. There's usually a fair bit of confusion about then who is making the decision, who's not making the decision – that is just as important." This confusion wastes precious minutes or hours and undermines an organisation's ability to respond effectively.
Another danger is "paralysis by analysis." Many organisations, Searle observed, get stuck endlessly waiting for more information before acting. "A lot of crisis responders tend to find that they are waiting for another set of information, or just one more piece of information to confirm an assumption, or something along those lines. But the reality of crisis management is that often you are being forced to make decisions with not enough information under time pressure that have real world business impacts. If you continue to wait for more information to become available, you'll often find yourself in a situation where no decision is actually worse than making the wrong decision."
Searle's advice is simple but crucial: "There are thresholds within which you need to be willing to make a decision and accept the fact that it might not be correct or it might be imperfect. This is certainly one of those situations where perfect is absolutely the enemy of good."
So what are the protocols that really make a difference in withstanding a cyber event? For Searle, comprehensive and practical playbooks are essential – but not just any will do. "Having playbooks that adequately represent the capabilities in the environment and the likely types of incidents you're to experience really helps provide those boundaries for an organisation to operate within during a crisis."
He insisted, "It's really important to have roles and responsibilities really clearly defined... ensuring that delegations of responsibility are assigned to roles, not individuals, so that it becomes clearer that when someone is operating within a certain role during a crisis then they have the authority to make decisions of whatever nature."
Clear communication, both externally and internally, completes the triad of robust crisis management. "Often that is typically thought of as communications out to the market and to the public, but it's also really important to understand what communications go to your internal staff members, when and how. They are often just as impacted by these incidents as anyone else. They do often feel like they wear a degree of burden for carrying their organisation during that time, and so it's really important to have high quality regular communications to the internal team as well as obviously the customers and the general public," Searle added.
As the threat of cyber attacks continues to grow, the message from Searle and Trustwave is clear: be ready, be clear, and practise decision-making under pressure. He summed up, "It's really important for organisations to be comfortable with being uncomfortable during that decision-making process."