High-profile cyber-attacks seem to be hitting the headlines even more regularly in 2022. For every incident you see in the press, there are many more that never become public. We’ve spent an awful lot of time responding to ransomware attacks this year, and we have spotted some emerging trends.
Cyber-attack tactics
All ransomware attacks have a common thread – computers or systems are encrypted and you have to pay the hackers to make the pain go away. Stealing data has become commonplace but that isn’t the only tool attackers are using to ramp up the pressure on an organisation they’ve attacked. This year, the most common extortion threats are:
- Encryption
- Exfiltration
- DDoS (Distributed Denial-of-Service)
All these elements can combine to put companies in an even more demanding situation. If companies can’t operate because their systems have been encrypted and data may have been stolen, then they need to communicate but will struggle to do so effectively if they’re under DDoS attack with their phones or website offline.
Practical steps can also be overlooked in the immediate response to an attack as companies tend to focus on what they should be saying rather than whether they can say it. Even if a company can communicate, how confident are they that their email system is secure? Do they have the ability to send a message to all their clients with an up-to-date set of contact details?
Communications response to cyber-attacks
Over 50 percent of the incidents we have worked on in the first seven months of this year have required formal notifications to either clients, consumers or employees. These notifications form a key part of the communications response to make sure we’re telling the right people, the right thing at the right time.
New guidance from the ICO and an increasing desire from clients to ‘do the right thing’ means that companies are sending greater numbers of GDPR notifications. This presents a particular communications challenge. It is more important than ever that companies do not overpromise early on in an incident, even if the initial forensics picture is promising. Subsequent notifications can undermine those messages and make them seem disingenuous or an outright lie.
Telling everyone about ‘essential maintenance’ can buy you valuable time in the short term. But this can look dishonest if it is followed by a notification several weeks later that outlines a comprehensive ransomware attack.
How we can help
Ransomware attacks are increasing in frequency and impact. Unfortunately, it is now a case of ‘when’ not ‘if’ an organisation will experience an attack, but quick and effective communications can limit reputational exposure.
Preparation for cyber-attacks, such as creating a playbook to develop template communications materials or practising via a simulation in advance of an incident, are effective tactics organisations can implement to make sure they’re putting their best foot forward and presenting the right narrative to stakeholders is something that we can help with.
We also have extensive experience in advising companies through the communications response process once an incident happens. We work closely with legal and forensic teams to align communications to contractual, regulatory and technical developments – as well as the primary goal of keeping customers, clients, staff and other stakeholders informed with the right information, at the right time.
Finally, after an incident, there can be considerable work to rebuild relationships and restore trust in the organisation. While this can be challenging, we are well versed in enhancing an organisation’s reputation and getting them back to where they were (or beyond) before the incident.
