Organisations can and will always face crisis situations. Although critical events cannot be avoided, the physical, financial and reputational damage of a crisis can be managed and minimised by putting effective systems in place and committing time to planning.
The cyber playing field
Any incident that impacts an organisation’s business continuity has the potential to escalate into a critical issue. For example, large organisations can be routinely faced with IT outages, network issues or even complete infrastructure failure.
According to the 2015 report from the Ponemon Institute, ‘2015 Cost of Cyber Crime Study: United Kingdom’, cyber-attacks cost businesses on average £4.1 million per incident and each incident can take an average of 31 days to resolve.
A recent report from Arbor Networks suggested that the most prevalent form of cyberattack – distributed denial of service attacks (DDOS) – are getting far more sophisticated. More than 200 of the reported attacks in 2015 caused 100 gigabits per second (Gbps) of additional traffic. The largest reported attack recorded 500 Gbps – which equates to the entire internet connectivity of Kenya during 2014.
When attacks occur, the business is unprepared and crucial services are brought down, the reputational impact can quickly became an issue that reduces consumer confidence and consequently brand value. Large scale attacks even have the ability to impact share price value.
The most high profile attack of 2015 was against the illicit affair website Ashley Madison, other brands involved in high-profile cyber-attacks in 2015 included Carphone Warehouse, TalkTalk and the US Office of Personnel Management.
The number of companies reporting DDOS attacks has been doubling each year and when brands such as the BBC, Evernote and eBay are victims it demonstrates how seriously organisations should be taking DDOS. Planning what to do when DDOS takes place is important, but equally critical is how victims of DDOS should communicate in light of an attack.
Effective communications get through
In the evolving cyber threat landscape, businesses need to take a closer look at their existing critical notification systems to determine whether they remain effective for communicating information. Businesses cannot be prepared to go on hold for a month to resolve a cyber-attack. Therefore the major measure that businesses should adopt is a plan B that enables them to communicate quickly and effectively in the event of a breach.
Effective communications in critical situations depends on two key things: delivering the message to the right individual, and receiving an acknowledgement that the message has been delivered and, if necessary, actioned. In the case of a cyber-attack, a business will need to send both internal and external notifications to minimise damage. Internal experts will need to be located and informed of the issue instantly so the situation can be assessed and immediate action can be taken. If they are impacted, customers must be informed early to protect consumer confidence and brand reputation.
To assure these critical communications during system downtime, major service disruptions, and even complete network breech, an organisation’s critical communications platform must be completely separate to its normal network. Utilising SaaS-based Cloud tools is the only effective way to ensure continuity of communications during a crisis. It offers the reliability, security, and in many cases the scalability necessary to communicate with key stakeholders during periods of IT outage.
All for one, and one for all
Utilising a SaaS-based Cloud tool also offers the integration necessary to communicate quickly with a large and diverse range of stakeholders. A fully integrated communications system can be configured to deliver messages to one person, or one million people. This ensures that the organisation can inform key executives, stakeholders, and customers quickly and accurately during an IT incident.
Integration is key when managing a crisis emergency such as a cyber-attack, as these events are unexpected. The novelty of the situation makes the problem much more difficult to diagnosis and deal with, as the threats have never been encountered before, and there may be no plans to manage it.
There may be multiple angles which, while not new individually, in combination pose unique challenges to the response. The novel nature of a crisis emergency means that policies, processes, training, and exercises that work well in routine or planned-for situations are inadequate, and may even be counterproductive.
Having a secure, cloud-based critical messaging system in place, completely separate from the corporate network, is the only way an organisation compromised by a cyber-attack can communicate reliably.
Utilising multi-modal communications
It can be surprising how often large organisation still rely on internal emails, manual call trees, or website and social media announcements to communicate critical information during a crisis emergency. The problem many face during an incident is that no single delivery path is ever 100% reliable 100% of the time. To be effective, emergency communications must be multi-modal. This is the only way to increase delivery and response success.
Consider smartphones. According to OFCOM, more than two thirds of UK adults own a smartphone personally, and many businesses now routinely provide employees with devices to use for work purposes. In an emergency situation, sending a message to an individual’s smartphone will be the most likely method of communicating critical information. But how should the message be sent?
The key to an effective, multi-modal critical communications plan is having the ability to send a message through all available channels, and have this message acknowledged. With just a smartphone to communicate to, a business can send a SMS text message, make a call, send an email, or deliver a notification through a dedicated application, all at the same time and until an acknowledgement is received. The recipient can simply reply to the SMS message, answer the call, or press ‘OK’ on a notification to acknowledge that they have received the message and are taking action based-on the content.
As technology continues to evolve, so does the way it is used and abused. The world is unpredictable, and unified critical communications need to be easily adaptable to effectively manage a future crisis. Customers, employees and stakeholders are increasingly connected. Companies have the ability to communicate critical, even sensitive information to a wide range of individuals quickly and reliably in an emergency situation, if they put the right tools in place before the crisis occurs. Technology is changing fast, and to create an effective ‘plan B’ companies need to determine not only how they can utilise critical communication tools now, but how they can use them in the increasingly complex future.