As the coronavirus crisis continues to unfold across the globe, businesses and organisations are reporting a fresh wave of targeted Covid-19 cyberattacks on their networks. Recent studies have suggested that phishing campaigns and ransomware attacks have seen the greatest increase over the last few weeks with users clicking on links or attachments related to the coronavirus. Sophisticated attacks are taking place all over the globe, with the trusted World Health Organisation (WHO) seeing attempted breaches against its network more than double amid the coronavirus pandemic, while a hospital in the Czech Republic has also suffered a cyberattack. Closer to home, An Garda Síochána has warned the public to be aware of potential fraudsters attempting to carry out crimes online via phishing or social engineering scams. According to a recent report by Zurich, cybercriminals have been increasingly exploiting the public’s fear and increased distraction caused by the global pandemic.
With many organisations across the country now working from home, some will have seen their digital transformation somewhat accelerate beyond their control while others will be old hats at operating remotely. However, the risk of a cyberattack remains the same: remote and decentralised working can increase the likelihood of falling prey to various attacks. Recognising that breaches and attacks can go undetected for days or even months, your remote response to a cyberattack can have a significant impact on a company’s earnings and reputation well into the future.
The reputational impact of a cyber-attack
While the financial impact of a cyberattack can undoubtedly cause a dent in a company’s share price, of equal concern should be the damage that can be inflicted on an organisation’s reputation. As we’ve seen with hotel chain Marriott International’s global data disaster in 2018, there is a huge amount of trust placed in the hands of private business. In the aftermath of its cyberattack in which more than 500 million customers had their data exposed by hackers as far back as 2014, Marriott faced class action lawsuits by previous guests and an 8.7% drop in share price.
For many companies, the threat of a negative bottom line can send leaders into a tailspin and cause them to neglect the longer-term reputational impact of a cyberattack. However, organisations are judged harshly on their response to a crisis – and muddled, inadequate, delayed communications have the capacity to cripple a business. While the short-term costs of a cyberattack are significant, particularly if customer data has been compromised, the long-term consequences can be just as grave.
Plan, plan, plan
A quick and effective response to a cyberattack can be complicated by a lack of thorough planning, stress-testing and, in the current climate, other demands being placed upon the business. Some communications professionals may find their working environment to be quieter given current issues, so now could be the time to prepare. Businesses should make it a priority to issue current cybersecurity and remote-working procedures company-wide. If no relevant plans or policies are in place, now is a good time to establish at least some basic guidelines and share with colleagues via an internal communications function.
Companies should establish a risk landscape that will allow them to pinpoint where potential flaws lie, weed out any blind spots, and devise a range of diagnostics to administer across a number of scenarios. Each scenario-plan should lay out a comprehensive communications strategy, the criteria for decision-making, and the remote response team that will be needed. It’s important to ensure that everyone on the remote response team, from social media through to customer-facing staff, has the knowledge and skills they need to perform. To stress-test your plans, companies can remotely lead their teams through simulated exercises based on one of the realistic cyber scenarios. This not only gives teams the opportunity to pinpoint any shortcomings in planning, but it can also encourage team members to have confidence about the role they will play when such an incident arrives.
As Jacky Fox, managing director of Accenture Security, recently explained in an article in The Irish Times:
“One very effective tactic for security training is a phishing campaign, where everyone in the company receives a fake email that appears to come from a recognised colleague’s email address. In reality, the address is faked or ‘spoofed’, and it’s created to trick people into clicking on the link it contains. Running a phishing campaign is a great way of showing employees what a phishing email is, what it looks like, and how people can be duped if they’re not looking out for some telltale signs.”
Activate and Deploy
- When a cyber incident hits, speed is of the essence. Secure a reliable, private connection to convene your remote response team and assign them their agreed roles. With GDPR rules now dictating that the onus is on employers to report to authorities, lawyers and wider legal teams should be quick off the mark to report the incident to the relevant authorities.
- Ensure your team has an open line of communication with those on the frontline working to investigate the breach and reduce its impact. A regular flow of information will help the wider team to make the right decisions and update communications as they see fit.
- The guiding principles of crisis communications are accountability, urgency and proactivity. All are equally important and any attempts to hide the truth, or a failure to communicate key information, will have damaging long-term effects on the business. Highlight what you’re doing to mitigate the impact of the breach in clear, jargon-free communications.
- Ensure you communicate frequently with your stakeholders via communications that are transparent and reassuring – sharing what is known and unknown about the incident, and again, what you are doing to reduce its impact, is vitally important.
- Once the situation is safely under control and the attack has subsided, it’s important to take steps to ensure a similar situation is avoided in the future. If handled correctly, a company’s reputation is likely to survive an isolated incident – but repeat offenders will not fare as well.
We are living through a poignant and trying time in history but this won’t put off cyber fraudsters and attackers preying on the fear and confusion wrought by this pandemic. We are encouraging all of our clients and partners to maintain an attitude of preparedness and collaboration in case a cyberattack hits their network.
As communicators, we play a vital role in protecting our organisations - during these uncertain, difficult times and beyond.