Cyber-criminals are unrelenting
The numbers in last month’s Facebook data breach were big. All told, 30 million accounts were potentially affected, with hackers stealing personal information from 14 million Facebook users. But, as big as those numbers are, the data breach is actually part of an even larger story: it’s a stark reminder, if ever we needed it, that cyber-criminals are waging a never-ending battle.
“Security is a bit of—it's an arms race,” said Facebook CEO Mark Zuckerberg during a call with journalists after the breach was first disclosed. “And we're continuing to improve our defenses, and I think that this [incident] also underscores that there are just constant attacks from people who are trying to take over accounts or steal information from people in our community.”
Other business leaders have echoed this point. Mark Douglas, former Head of Engineering at eHarmony, told CNBC that “these attacks are unrelenting. It was literally nonstop that hackers were trying to get access to our data.”
Indeed, a week after the Facebook breach, Google announced that it too had suffered a data breach in which the profiles of up to half a million Google+ users were potentially affected. That revelation came on the heels of a whole slew of recent breaches, not just in the tech sector, but also in retail, media, and education:
- Under Armour’s MyFitnessPal app was hacked, compromising the data of approximately 150 million users.
- California daily The Sacramento Bee was hit by a cyber-attacker who seized two databases, including a file of registered California voters.
- Cyber-criminals stole credit and debit card numbers belonging to Saks Fifth Avenue and Lord & Taylor customers. Approximately 5 million card numbers were stolen.
- More than 300 universities in the U.S. and abroad were attacked by nine Iranian hackers, according to the U.S. Department of Justice (DOJ).
Of course, these cyber incidents don’t end with the breach or even the public disclosure. They often spiral into larger financial and/or reputational crises. Google announced that it would be shutting down its Google+ service. And some commentators are asking whether Facebook users can trust the social media platform in the wake of its most recent hack. What’s clear, then, is that crisis leaders need to gear their plans for a world of unrelenting cyber-criminality and punishing public fallout.
The first step in the journey to preparedness for any kind of crisis—from cyber-attacks to severe weather to workplace violence—is planning. Unfortunately, planning still isn’t pervasive. A survey by the ODM group found that only 46 percent of companies have a crisis plan in place, though nearly 80 percent of leaders believe they are only one year away from a potential crisis.
Part of the problem is that planning is challenging. It requires organizations to allocate resources toward managing difficult events. The good news, though, is that planning for a crisis of one kind, such as a cyber-attack, can help businesses better prepare for other kinds of crises, such as industrial accidents or natural disasters. That’s because the fundamentals of crisis management planning apply to all kinds of crises, not just single scenarios.
As people go through the process of preparing for one type of crisis, they learn how to plan for crisis in general, which is different than business-as-usual planning. For example, developing a crisis management plan requires making decisions about the purpose and scope of the plan, building and maintaining contact lists, and learning incident terminology. Crisis management teams that have practiced these steps by planning for one type of crisis can more productively plan for other crisis types.
Of course, no matter how experienced your team is with crisis management planning, the process isn’t easy. Effective crisis management planning takes time and involves people throughout the organization, not just in IT, communications, or public relations departments. A business that’s well-prepared for a crisis has a core, cross-functional team of experts that includes representatives from the C-suite as well as senior managers from Finance, HR, Legal, etc. And, because crisis response might involve all employees, the rank-and-file will also need to know and rehearse their crisis roles, even though they’re not part of the core response team.
There are so many facets to crisis management planning that it’s difficult to know where to start. That’s why we’ve put together an informative guide: 10 Steps to an Effective Crisis Management Plan. In it, you’ll learn:
- How a vulnerability audit can help you prepare for a crisis.
- How to classify crises so you can better understand your organization’s risk.
- What to consider when putting together your crisis management plan.
CNBC, Facebook security breach allowed hackers to control the accounts of up to 50 million users
Facebook, Security Update, Morning Press Call Transcript, September 28, 2018
CNBC, Hack attacks like this one at Facebook are unrelenting, says expert
Google, Project Strobe: Protecting your data, improving our third-party APIs, and sunsetting consumer Google+
Wired, The Worst Cybersecurity Breaches of 2018 So Far
Barkly, The 10 Biggest Data Breaches of 2018. . .So Far
CRN, The 10 Largest Data Security Breaches of 2018 (So Far)
The Guardian, Facebook to contact 87 million users affected by data breach
Alchemy, Avoid Crisis Nightmares—Identify Gaps & Strengthen Your Response Plan