Expert: How to Survive Cyberattacks
By Mike Miliard [February 15, 2016 3:45 PM]
A breach-filled 2015 showed healthcare is at major risk for cyberattacks, a situation experts say makes it more important for health organizations to have plans in place to deal with the aftermath of a security crisis.
Nicole Miller, senior vice president at WE Communications, which counts Microsoft among its clients, has long experience helping other organizations manage IT security events, whether advising them on preparation or helping them deal with the fallout of brand-name cyberthreats such as Blaster, Conficker, Stuxnet and Heartbleed.
In her HIMSS16 talk, "Managing Customer Communications in a Cybersecurity Crisis," Miller will offer tips on devising a cybersecurity incident response playbook, engaging the media to better influence outcomes, developing a communications plan to prep for breaches and more.
We asked her for some perspective on the right way to craft a breach response.
Q. There has been no shortage of healthcare security breaches over the past year. Do any of the organizational responses stand out to you? Either as a right way or wrong way to handle crisis communication?
A. The best responses I have witnessed are ones where companies are leading the story, not chasing it. Where they connect directly with their customers, rather than allowing others to control the narrative. Interestingly, we've found that if reporters are forced to rely on experts in the security industry to gain insight into what is happening, the resulting news coverage is 11 percent more negative for a company. In my experience, hackers don't wait for the chain of command to act, so having centralized communications is essential. Companies that are successful in cultivating and maintaining a more positive public perception are ones that plan in advance for the decisions they will be called upon to make, and that mobilize and execute their crisis plans at warp speed once the inevitable happens.
Q. What are some tips for engaging with the media in the wake of a breach?
A. Keep your customer at the center. Unlike many business issues, when a cybersecurity incident occurs, you do not have a monopoly on the information, and companies are increasingly in a sprint to inform customers and employees before the media or hacker go public. Understanding what is important to your "customer" audience – whether consumers, partners, shareholders or others – and communicating directly to them is the holy grail of maintaining customer trust.
Know the cybersecurity media. The press that come knocking after an incident will not be the same ones who cover your company's earnings or new offerings. Instead, you will be talking with media who are deeply technical and highly connected in the security industry. A simple statement like, "We take security seriously" will likely be met with skepticism, or worse, contempt. But being able to communicate with them at a technical level can be the difference between a story that is straightforward and reports the facts, and one that has overtones of negligence, or if you are lucky, questions your understanding of the threats.
Understand the security community. The security community is very influential when it comes to determining how a company's response is received publicly. Media often call on them to put an issue into context. And they often take to their own communication platforms to offer their perspective on your incident (whether they have the full facts or not) to their broad set of followers. Research we have conducted found that coverage that includes their voices gets about 200 percent more social media shares – this is good news, but only if you like the message they are spreading about your company. So gather a supportive network in the security community by giving them insight into your security posture and being ready to speak on your behalf to offer additional perspective and balance media coverage of your event.
Speak up. Your greatest asset in media coverage is you. Reporters and customers alike want to hear from you. The cybersecurity space is a unique space. Once in it, we see victim organizations struggle to bring their story forward. Most often, someone else has beat them to the punch and is telling their story, through their lens, behind their agenda. Our research shows that when a company is not quoted in articles about their own security event, coverage of that company is 32 percent more negative. This is significant when you consider the volume of media and public attention a breach receives. For instance, a recent breach of a large healthcare company drove 1,300 articles and 14,000 tweets in just the first 24 hours after it was made public.
Q. What are some key components to a cybersecurity incident response playbook? Do they vary from place to place, or are there constants?
A. Absolutely. Playbooks are not one-size-fits-all, nor should they be. In my talk, I will share some of the insights we have uncovered to help attendees develop their own playbook to help their organization prepare for and respond to a cybersecurity incident. Some of the things we will talk about include: how media reacts to a breach and the various levers you can pull to better manage the news cycle; how to ensure your customers hear your voice in an industry that is awash with noise and speculation; how to recognize the importance of preparation before a breach, and the powerful impact communications can have on customers, and business' bottom line, during and after a breach.
The session "Managing Customer Communications in a Cybersecurity Crisis" is slated to take place from 2:30 to 3:30 p.m., March 2, in Palazzo L of the Sands Expo Convention Center.