Your cart is empty
Empty notifications
Login Register

Impact of Crisis Communications.

Lesson 27/32 | Study Time: Min
Course: Level 5 Diploma in Cyber Security


Impact of Crisis Communications and Incident Response Planning


Did you know that a well-managed response to a major incident can be the lifeline of a company? There are numerous instances where mismanagement of major incidents, such as significant data breaches, have led to significant reputation damage and financial losses for organizations.

The Impact of Not Planning Crisis Communications and Incident Response

Planning for Crisis Communications and Incident Response is not an option, it's a necessity. Failure to plan often results in panic, confusion, and misinformation which can greatly amplify the impact of an incident. For example, the 2017 Equifax data breach, one of the largest ever recorded, exposed sensitive personal information of nearly 143 million consumers. The company's delayed and uncoordinated response led to significant reputational damage, huge financial losses, and even congressional inquiry.

Communications Approaches and Failures

Analyzing past communications failures can provide valuable lessons for future incident responses. A classic case of communications failure is the 2011 Sony PlayStation Network outage, where a data breach led to the personal details of 77 million users being stolen. Sony was heavily criticized for its poor communication, delaying to inform customers about the breach and being vague about the nature and scope of the incident. This led to a huge trust deficit and financial loss.

A Cyber-Resilient Approach

A cyber-resilient approach involves a comprehensive plan that includes incident detection, response, recovery, and learning. This approach can help a company to quickly contain the incident and reduce the potential harm. For instance, when the global shipping company Maersk was hit by the NotPetya ransomware in 2017, they had to reinstall their entire IT infrastructure. However, due to their resilient approach and quick communication, they managed to recover within 10 days without paying the ransom, showcasing a strong example of cyber resiliency.

Learning from Major Cyber Breaches

Reflecting on major cyber breaches

Major cyber breaches serve as stark reminders of the damage that can be caused by inadequate incident response. For instance, the Yahoo! data breach of 2013-14, which affected 3 billion accounts, is a perfect example of mismanagement of a cyber incident. Yahoo!'s late disclosure, two years after the breach, caused significant reputation and financial damage, and reduced the company's sale price by $350 million in its acquisition by Verizon.

Isomorphic Lessons

Learning from these breaches, companies should implement isomorphic lessons, replicating successful strategies and avoiding the missteps that led to catastrophic consequences. This can include creating an organisational CERT (Computer Emergency Response Team), improving communication during crisis, and building a more cyber-resilient approach.

Overall, effective communication and incident management are critical in ensuring business continuity and resilience in the face of cyber threats. By learning from past incidents, organizations can better prepare for and respond to future threats, minimizing potential damage and ensuring their survival.

Previous Lesson Next Lesson
Saqib Shehzad Bhatti

Saqib Shehzad Bhatti

Product Designer
Profile

Class Sessions

1- Introduction 2- Cryptography: Understanding the concept and application of cryptography. 3- Symmetric and asymmetric modes: Understanding the different modes and approaches in cryptography. 4- Cryptographic methods and standards: Assessing how cryptographic methods and standards support the security of cyber-enabled networks and devices. 5- Standards, regulations, and laws: Understanding the standards, regulations, and laws related to encryption in business and government organizations. 6- Methods of attack on encrypted data: Understanding the different methods of attack used to target encrypted data. 7- Additional encryption methods: Assessing the availability of additional encryption methods. 8- Escrow and recovery principles. 9- Evaluation of existing encryption. 10- Designing an encryption plan. 11- Recommended courses of action. 12- Introduction 13- Investigation lifecycle: Understand the stages involved in a digital investigation from initiation to conclusion. 14- Digital domain investigation organization and management: Explain how a digital investigation is organized and managed within a digital domain. 15- Tools for digital investigations: Analyze the range of tools available to support digital investigations in different situations. 16- Selection of tools for digital investigations: Select the appropriate tools to carry out a digital investigation for a given situation. 17- Skills required for investigations and forensics work: Explain the types of skills required to undertake various investigations and forensic-related. 18- Dynamics of forming and integrating investigation teams: Explain the dynamics involved in forming and integrating digital investigation teams. 19- Plan for the formation of investigation and forensics teams: Develop a plan for the formation of an investigation and forensics team. 20- Retrieval of evidence from mobile and IoT devices: Explain how evidence can be retrieved from mobile devices and IoT devices. 21- Safeguarding evidential integrity in digital investigations: Analyze how evidential integrity is safeguarded during digital investigations. 22- Storage and presentation of evidence. 23- Introduction 24- Incident Management: Planning and Response 25- Business Continuity Management in Incident Planning and Response 26- Integration of Disaster Recovery and Crisis Management in Cyber-enabled Incidents 27- Impact of Crisis Communications. 28- Introduction 29- Senior leadership in a tech sector setting: Understanding the roles and responsibilities of senior leaders in the technology industry. 30- Integration of management and operational programs: Exploring the importance of integrating management and operational programs for optimum performance. 31- Risk management and threat identification: Understanding how risk management and threat identification are integrated into wider corporate strategy. 32- Data protection legislation and strategic Leadership.
noreply@uecampus.com
-->