How You Respond Is Just As Important As How You Defend

Standard

In yesterday’s post The Growing Ransomware Threat, I wrote about the increase in ransomware attacks.  One of the situations I made reference to was the attack last week on Cleveland Hopkins International Airport.  As a quick reminder, the attack impacted information screens and other displays.  No flight control or safety systems were affected.  It took the airport eight days to fully recover.  During that time, communications were not exactly reassuring.

airport-message-board-outage

While ransomware attacks are nothing new, the situation at Cleveland‘s airport illustrates what can happen if you don’t have a good response plan.  City and airport officials have come under criticism for not disclosing the attack quickly enough, nor acknowledging that the attack was ransomware.  With a highly public and safety conscious facility like a transportation hub, it’s easy to understand people’s concern.   When they don’t feel like they are getting clear information, they are left to their own conclusions.

Attacks like this will continue to happen and how you respond is just as important as how you defend against them.  In the case of Cleveland, the City Council promptly passed emergency measures to spend city funds on more defensive technology and to hire additional IT staff to address the threat.  While this was a smart move, it lacked information as to what the city had been doing.  As a result, people are left to draw their own conclusions, not the least of which is that it makes it look like Cleveland was negligent in not budgeting for these new technologies and roles to protect it.  That’s a PR problem for sure.

The city also waited for the FBI to tell them what was wrong, before going public.  While that too, is not a real concern in and of itself, when they did go public, their messaging was not well thought out.  Therefore, more criticism followed.  Here’s a link to a good article that shares more information about Cleveland’s response.  I think the lessons are pretty clear here.

Be sure that you are investing in the right technologies and personnel to help you defend against cyberattacks.  Make sure part of that investment includes a response plan for when you have an attack.  Yes, assume that you will be attacked.  When you are, how you respond, who is authorized to speak to the media, what the talking points will be need to be planned and reheared ahead of time and updated for the current situation.  People will quickly see through any deflective communications.  Better to tackle the matter transparently and show that you are prepared, no matter the outcome.  Your reputation and your business may very well depend on how well you respond.