Standing Partnership & Guest Blogger Heather MacKenzie, ICS Cybersecurity Specialist of Nozomi Networks, have teamed up to show their readership the importance of pairing crisis preparedness with cybersecurity technology and how it will protect the brand and the OT network of industrial companies when a cyber incident happens.
Over the last ten years, there has been a big shift in the level of concern over industrial cybersecurity risk. Executives at energy, utility and manufacturing businesses once didn’t lose sleep over potential cyberattacks in the way they might have over major safety or environmental risks. Fast forward to today, where interconnected systems deliver higher value and improve productivity, but also expose operations to cyber risk.
The technology solutions from Nozomi Networks provide complete visibility into operational technology (OT) networks and their risk exposure, improving critical infrastructure cyber resiliency and operational reliability. The organization’s products help information technology (IT) and OT work together to reduce risk and speed incident response.
But there’s a second risk that unfortunately comes with a cyberattack: the impact on your corporate reputation. Combining Standing Partnership’s crisis preparedness and mitigation strategies with Nozomi Networks’ advanced technology leaves industrial organizations well equipped to protect their reputation, and their OT network, when a cyber incident happens.
How to Manage Risk and Protect Your Organization’s Reputation
No organization is immune to crises. Data breaches often top the list of potential threats. In a Standing Partnership/Edison Research survey of 1,000+ executives, 34 percent reported that IT and security issues had created a reputation problem in the past, with more than half anticipating similar problems in the future.
The energy sector is particularly vulnerable. Recent revelations about cyberattacks perpetrated by Russian hackers against U.S. energy companies emphasize how important crisis readiness is. According to Cisco, the number of so-called distributed denial-of-service (DDoS) attacks is projected to grow to 3.1 million by 2021.
Increasingly, companies are judged not by whether they experienced a crisis, but by how they handled it. Successful crisis management is measured by the ability to navigate the situation with a stable stock price and an untarnished reputation.
The Difference Between Risk & Crisis and Why You Should Care
Crises can be caused by external or internal factors. A natural disaster is an external threat beyond your control, yet it’s still important to respond with speed and transparency. Organizations typically rebound faster from external crises because it is easier for stakeholders to forgive unintentional harm.
On the other hand, incidents resulting from purposeful misdeeds or negligence that could have been prevented (e.g., poor cybersecurity measures or unethical behavior) are more difficult for stakeholders to “get over,” often leading to reputational damage.
Not every risk causes a crisis, but those you should have known about and taken steps to address are the ones most likely to cause damage. It is recommended to periodically inventory potential threats and develop plans for preventing them from escalating or mitigating the impact should they happen.
For example, cyber hacking is a threat that companies have no control over. However, acknowledging the risk allows the organization to evaluate its IT/OT infrastructure and operational policies to identify and close loopholes, and establish procedures for a timely and effective communications response.
Preparedness is Cheaper Than a Disaster
A poorly handled crisis has broad implications. Regardless of what caused it, impact on stock price and brand is almost immediate.
Reported losses from cyberattacks run in the millions – Merck: $780M, Maersk: $300M, FedEx: $300M. If your efforts around crisis preparedness are met with reluctance, bring up Accenture’s $11.7M per organization cost of cyber crime.
Best Practices for Crisis Preparedness
What you say, how you say it and the channels you say it through can either bolster or diminish your customers’ and stakeholders’ trust. So, how do you prepare for a crisis? Fortunately, there are crisis preparedness best practices you can follow, including:
- Align all your crisis response plans: Assemble all existing policies, business continuity, operational and communications plans, plus reports that outline the risks your organization faces. Determine how current they are, and list the gaps.
- Build or update a cross-functional crisis team: Your crisis response team should include representatives from across the organization – safety, operations, legal, IT/OT, customer service, communications, HR, etc. – depending on your business and industry. If you have a head office and remote operational units, determine who from each location should be on the team. Make sure contact information is up-to-date, and that each member has a back-up.
- Develop a written plan: It’s best to have a written crisis response plan that contains responses to scenarios most likely to impact your organization. A typical plan includes the response team list and responsibilities, criteria for assessing severity, a decision-making protocol, key messages, list of communications channels, and sample communications such as internal and external announcements, media statements, social posts and press releases. A plan eliminates second-guessing and speeds up response during a crisis. Ideally, it is reviewed and updated every six to twelve months.
- Train your team: A plan without training isn’t worth much. Gather the cross-functional crisis response team at least once a year to run through the communications plan, and make sure members can execute seamlessly during high stress situations.
Protecting Your Organization’s Reputation While Managing OT Risk
To protect your corporate brand and manage OT risk, preparedness is key.
Fortunately, proven reputation management strategies and advanced technologies make it a whole lot easier. The Standing Partnership reputation management experts can help you navigate cyber incidents with minimal damage to your reputation. The Nozomi Networks solution provides superior ICS network and asset visibility, and rapidly identifies cyber threat and process risks. This winning combination of crisis mitigation processes and real-time ICS cybersecurity equips you to handle any cyber threats that come your way.
The Complete Guide to Crisis Communications Planning
We hope this step-by-step guide helps you assess your organization’s preparedness for a crisis.
Standing Partnership Whitepaper: Viewing Business Risk Through the Reputation Lens
Nozomi Networks Blog: Russian Cyberattack on Critical Infrastructure: What you need to know
Mihaela Grad, Vice President, Standing Partnership
Standing Partnership clients trust Mihaela to help them solve their complex marketing and corporate communications challenges. She leverages her extensive sector expertise in life sciences, agriculture and pharmaceuticals to build and execute plans to engage critical stakeholders, gain public acceptance, navigate regulatory affairs and manage corporate reputations.
Guest Blogger: Heather MacKenzie, ICS Cybersecurity Specialist, Nozomi Networks
Heather has worked in the field of industrial cybersecurity since 2008, authoring many articles and white papers on the topic. As an ICS Security Specialist, she helps OT/IT teams responsible for industrial control networks understand cyber risks and how the Nozomi Networks real-time cybersecurity and visibility solution is uniquely positioned to address their needs.