High-profile hacks can be a double-edged sword for young tech execs. While they prove that even the biggest companies with the most resources can be successfully hit, they may blind young executives to the fact that no organization is “too small” to be a target. Sooner or later, it’s likely every tech leader will need to deal with an attack on their systems. It’s essential to know both how to respond to a successful hack and how to give your organization the best odds of heading off a serious incident.
Experienced tech leaders have dealt with all aspects of establishing a robust cybersecurity posture, from risk assessment to incident response to preemptive planning. Below, 15 members of Forbes Technology Council share the tips they’d give a young technology executive who has just experienced a devastating hack.
Fast action to end and control the hack is key. Once that has occurred, then you must launch an immediate process to understand the root cause and determine the appropriate corrective actions. Along the way, frequent internal and external communication is essential; this helps to reduce anxiety and rebuild trust. It should become a learning opportunity for all involved both directly and at large. – Jennifer Esposito, Magic Leap
Take notes. If you are experiencing your first hack, it will be stressful, and you will feel under duress. With those conditions at play, it will be hard to recall the series of events. Keeping a record of the actions taken, including your learnings, will make you a much more confident and effective leader in the event of another incident. – Tara Anderson, Framework Security
Investigate the incident thoroughly, and learn from your mistakes. While the attack scenario might seem obvious to you, once you take a closer look, you’ll see that’s not the case. Let’s say attackers got into your system through a phishing email—that lies on the surface. But they could have exploited unpatched antivirus apps or an outdated operating system on certain machines that you are unaware of. – Mike Walters, Action1
Respond immediately to expel the attack from the environment and assess the full scope of the breach’s impact. If it was devastating, the best course of action is to clearly communicate what happened with internal stakeholders and customers. Being transparent with all parties about the cause, impact and steps being taken to remediate—and avoid a repeat—is the best course of action. – Sameer Malhotra, TrueFort, Inc.
Work to discover all of the details of the hack first. Establish a plan to fix the issue in the short term, then send notifications to those affected, with full transparency. Include timelines, resolutions and details of the impact. After the immediate threat is dealt with, move on to a long-term security repositioning. You can’t improve security before you know the details of the issues in full. – Greg Young, Uniform Law Commission
People need reassurance that you are doing everything possible to contain the damage. Also, use this hack as an opportunity to up your game. Do you have an optimally automated system for identifying and fixing new security issues as they emerge? Can you quantify your residual risk after your protective measures are accounted for (in dollars)? Is this risk acceptable to stakeholders? – Gaurav Banga, Balbix
An unfortunate event, underspending on cybersecurity (poor posture), or a combination of both will have led to the breach. Don’t fall into the same trap when it comes to remediation. Make sure a full root-cause analysis is conducted, and recover with fresh rebuilds from known good sources while adding additional security layers. – Murray Foxcroft, ProArch
Perform a root-cause analysis to understand what happened. Document and evangelize lessons learned to cultivate a security-aware company culture. Establish processes for finding, fixing and preventing security vulnerabilities in the future. – Caroline Wong, Cobalt
Learn from it, but don’t overreact. Most organizations will dump millions into solving all the gaps at once, which creates more problems. Very few organizations can handle that much change management at one time. In the end, most breaches are caused by a failure to focus on fundamentals. Use it as an opportunity to improve those, remove that noise and, ultimately, improve your program. – Lewie Dunsworth, Nuspire
What’s done is done and must be dealt with. Future responses must be guided by policy decisions about paying ransom requests, setting up appropriate resources for good hygiene, and executing on patches and configuration management (avoid hybrid cloud and Kubernetes implementations until 2025). – Steve King, Information Security Media Group iSMG
Unfortunately, security breaches are sometimes unavoidable. However, being prepared for an attack is very different from being prepared for what to do once a breach has taken place. There is a significant gap between the two. The biggest difficulty is a lack of preparation on how to respond to a breach after it’s happened. Protecting data requires trust, and teams should conduct exercises on both preparation and incident response. – Aytunc Ozturk, Mother.com
Consider making use of network detection and response services and systems. They not only offer early warnings of attacks but also detect suspicious internal behaviors and provide a recording (like a black box), keeping all transactions on the network. This becomes very useful when assessing if the claims of a ransom actor are true (they may be bluffing) and how much they are worth to you. – Patrick Ostiguy, Accedian
Never delegate to others the most important responsibility that you have. Stay up to date on each new kind of attack, and share your knowledge with your peers. Building a strong network with others in the same profession as you is always a winning solution and time investment for the future. – Cristian Randieri, Intellisystem Technologies Srl
As a tech executive, make security and protecting data a vital aspect of every technical decision. A process to continuously improve the overall security posture, with proactive and reactive measures, is essential. An immediate response to a hack is needed to avert further damage. However, making secure design and implementation second nature during product development should be the long-term goal. – Supreeth Rao, Theom, Inc.
The No. 1 rule you always have to remember is that there are more bad actors than good actors in the network security world. Assume nothing, and trust no one. You have to verify everything and keep asking questions of your security team. Listen to your security leadership, give them what they need and test. If you are not running red teams, you will get hit. Consider that everyone has bad intentions until it’s proven that they don’t. – Jim Parkinson, North American Bancard