You’ve just been hacked. Now what?

It’s Monday morning. You sit down at your desk and prepare yourself for the long week ahead. But before you can even grab your first sip of coffee, your computer suddenly becomes inoperable. A message appears on your screen, purportedly from a hacker group, claiming they have taken over your company’s technological infrastructure. As you stare in disbelief, confidential information and vicious threats flash on your screen. You’re under cyber attack.

If this sounds like something from Hollywood, well, it kind of was. It happened to Sony Pictures in November 2014, reducing its employees to using pen and paper, spoiling the theatrical release of its film The Interview and making global headlines in the process.

Unfortunately, Sony Pictures isn’t the only victims of hackers. Home Depot, Walmart, Winners and Target, have all been hit by data breaches, exposing these companies to vulnerable customers, lost revenue, nervous investors and years of litigation.

If you’re concerned about your personal or business information being stolen, you’re certainly not alone.

In February 2015, Navigator undertook the first in-depth opinion survey in Canada on the public’s awareness and assessments of data compromises, losses and breaches. We wanted to understand Canadians’ awareness and expectations regarding the private information they’ve entrusted to their retailers, financial institutions, government agencies and technology providers. We found that 70 per cent of those polled recalled recent data breaches in the news. Of these, nearly half could recall specific attacks on companies.

The fact that so many Canadians are aware of cyber attacks might explain why 79 per cent of those polled expressed that they were concerned about their data being improperly accessed. Further, 68 per cent believe incidents of cyber attacks have increased in the past three or four years. Canadians are most concerned about the safety of their governmental and financial information.

This public anxiety has manifested in two ways. First, more than half of Canadians believe our laws protecting online privacy are insufficient. Second, Canadians hold those who experience breaches or cyber attacks as responsible. Few will accept any deflection of responsibility in security compromises of their personal information or transactions.

Governments and organizations are quickly realizing the importance of cyber security. In Europe, new data protection laws coming into effect in 2018 will drastically increase fines for privacy breaches. This month, President Obama released his ‘Cybersecurity National Action Plan’ that boosts annual investment to over $19 billion. New measures include password research programs, addressing labour shortages and extensive public awareness campaigns. Perhaps most importantly, Obama’s plan creates the American federal government’s first Chief Information Security Office, a position that’s now common for large private sector organizations.

In Canada, a survey of IT professionals from Scalar Decisions Inc. found that reported cyber attacks increased 17 per cent in 2015. Respondents reported an average of 40 attacks per year, with 51 per cent experiencing a loss or exposure of sensitive information. Of those surveyed, only 37 per cent believe their organizations are winning the cyber war, a decline of four per cent from the previous year.

Ultimately, these denial-of-service, phishing, web-borne or rootkit attacks can damage a company’s bottom line. On average, respondents said their organizations spent approximately $7 million on the remediation of an attack. Incurred costs included clean up, lost productivity, operational disruption, damage or theft of IT assets and infrastructure, and harm to its marketplace image. In response to these growing cyber threats, respondents claimed their information security budgets have increased 10 per cent since 2014.

While investment in security infrastructure increases and governments implement tougher laws, some data breaches and cyber attacks are still inevitable. How can organizations best prepare themselves for the communications fallout of it all?

Obviously, it’s best not to be left scrambling in the event of a digital breach. That’s why we’re working with many of our clients to produce response plans for these occurrences.

Disorganized or delayed responses to security breaches exacerbate challenges with your customers, investors and media. You need an insightful response plan to defend your reputation. In fact, clear communication is something the public demands too. Our research found that over 60 per cent of Canadians expect affected companies to immediately disclose any breach, assure customers they will be reimbursed for any costs and comply with government regulators. If your company was hit with a cyber attack, would you know what to say or how to say it?

One of the key tools in any response is social media. It provides the means to push your message and the tools to understand what is being said about you and the incident. Further, advertising, analytics and conversation listening ensure your message reaches the right people while granting you the ability to measure its reception. A forceful, informed approach helps to define the issue on your terms while preventing the spread of misinformation.

In future years, cyber security will probably be viewed as a less intimidating topic. Modern infrastructure and procedures will likely be equivalent to those associated with product safety, and understanding the right, tools, responses, and professionals will be critical parts of doing business. However, how and when that will happen is still being determined. In the digital era, you can’t afford to be voiceless, incorrect or tone deaf. The current reality is that there are no procedures in place that can protect you better than taking the necessary steps yourself to ensure you have an appropriate and effective response to cyber attacks.

Photo: “Mud Lock” by darkday