Preparing for What Cybersecurity Claims is Inevitable: Being Hacked
Cyberattacks remain a top concern for many organizational leaders and it likely doesn’t help to hear an industry professional make a dark claim that no organization "is unhackable,” which is what Hack The Box CEO Haris Pylarinos has said.
He made that statement to Ellen Jennings-Trace at TechRadar Pro for her article, Everyone will experience a hack — how incident response can protect your organization.
“Everyone will experience a hack,” Pylarinos told her. “It's all about how you handle it, how fast you find out about it and how you treat your customers through the process.”
As in any interaction, incident, dispute or crisis, once a problem affecting other people’s trust in you and your reputation, it is, as he says above.
People want to know that you understand the problem and gravity of it and also have clarity about the impact on others and will be patient and attentive to listening to the stories and complaints.
You’re being tested on it and being scrutinized about how seriously you take it, not with robotic comments but instead, more impressively with action and sincere depth of care “through the process.”
It isn’t just the escalating costs of breaches that is the pain point. It’s that invaluable relationship marker of trust. It’s not always, Pylarinos said, what happens but what happens next that most matters.
“I don't believe that your reputation is damaged if you have been breached," Pylarinos told Jennings-Trace. "Your reputation is damaged if you don't handle an incident well.”
I’ll respectfully push back a little on this claim. Of course, trust and reputation is negatively affected when a breach occurs.
Stakeholders expect that you will prevent it from happening, even if the belief or reality is that breaches are going to happen and do happen more often than we know. People expect you to defend against hacks as a primary, fundamental duty.
However, Pylarinos is absolutely correct in saying that, “Your reputation is damaged if you don't handle an incident well.” That goes for any professional in any industry and cybersecurity is no different.
This reality is confirmed, in a way, by what Jennings-Trace wrote.
“Human error remains the number one challenge for cybersecurity teams in preventing attacks, so making sure all employees are prepared — not just security leaders — can avoid falling into the trap of being panicked into action,” she communicated.
Panic as an Advantage
Cybersecurity incidents don’t just create stress, per Pylarinos, they lead to panic. That’s a positive, he asserts.
“Working on security comes with a big chunk of stress — that's the job," he said. "You have stress when there's an incident, (but) you're not just stressed, you are panicked.”
That becomes a driver for what is required.
“You use your panic to your advantage by working methodically towards a solution…" Pylarinos stated.
That “panic” should include the commitment to transparency of communication, not just at the beginning but through the incident response for relationship trust, Jennings-Trace wrote.
“Customers need to know — it's the least you can do for your customers — and it’s not just customers, it’s employees,” Pylarinos said, “You ought to tell them what's going on, and you ought to tell them, I'm doing everything in my power to restore that.”
A sense of urgency is critical, as is high-level transparency, despite some claims online that is not necessary or advisable.
Communicating effectively that you clearly recognize the problems and are going to do everything in your power to correct them is expected and valuable. And of course, always be increasing your competence, to lessen the likelihood of risks transpiring.
Consistency in these tasks are shows of leadership and professional behavior worthy of being considered trustworthy, benefitting organizations, missions and professionals.
This newsletter — Reputation Intelligence — is written by Michael Toebe, and is a product of Reputation Intelligence - Reputation Quality, a firm which helps individuals and organizations assure a greater peace of mind, provide stress relief through reliable decision analysis, consulting, advisory and communications.
Professional Analysis and Opinion — Consulting — Advisory
Reputation Communications — Defamation Response — Speaking Engagements
Crisis Communications — Crisis Management
