Company responses to cyberattacks dictate public perception.
After a major breach of SolarWinds’ network management software, various entities, including companies and government agencies, had various reactions in order to manage the crisis. This post discusses the cybersecurity saga and how companies can implement efficient crisis communications management.
1. Quickly notify the public
Swiftly notifying the public is key to crisis management. An entity’s audience is deserving of information regarding matters that affect them. When it comes to cybersecurity and confidential details, keeping breaches a secret is dangerous.
To that end, the Cybersecurity and Infrastructure Security Agency practiced communication due diligence by warning the American public of the crack in SolarWinds’ platform. It additionally encouraged them to read and digest helpful resources.
Microsoft, which experienced a hack into its internal network via the SolarWinds Orion app, shared its security team’s actions to extinguish the ravaging effect of the attacks.
Simply put, informing the public is the ultimate sign of transparency that leads to trust.
2. Don’t be slow nor shy to ask for help
Crisis management demands that companies take necessary steps to address the cause of a problem. This implies that they should reach out to relevant entities for adequate support whenever a crisis presents itself.
When SolarWinds noticed the invasion in its system’s security, they instantly contacted Microsoft to aid them in an internal investigation. If the company had kept quiet about the cyberattack, the situation could have been worse.
Companies who have experienced a cyberattack may also want to bring in outside public relations advisors to help manage the corporate communications crisis.
3. An alliance is necessary
In keeping with the practice of notifying the public, certain government agencies have issued regulations that stipulate how soon the public must be notified in the event of a cyberattack.
Therefore, public companies in the cybersecurity sector are mandated to file with the Security and Exchange Commission within a period of time upon the discovery of a security breach.
This requires the PR team to work in tandem with the legal department of the compromised company.
4. Be swift with action
While public relations decries rushing into mindless action, it upholds quick and calculated gestures. Clever responses prevent the crisis from eating too deep and doing grave or irreparable damage.
The approach employed in the SolarWinds cyberattack situation included the following steps:
Cybersecurity company FireEye promptly alerted SolarWinds, the general public, and the federal government of the invasive campaign it had uncovered. It also reached out to Microsoft to share intel about the attack on SolarWinds.
5. Do your best
A sure way for a company to manage a crisis is to indicate an eagerness to prevent a similar incident from happening. To assuage the concerns of the public, the company should make a thorough effort to prevent another cyberattack and remedy any damages. In fact, these actions are what restores the company’s image.
Since Microsoft was a victim of attacks due to the weaknesses in SolarWinds’ software, it has implemented impactful remedies.
While the government has sanctioned the criminal mastermind behind the highjacking, Microsoft has initiated court actions and obtained court orders to take down servers controlled by cybercriminals. Additionally, it has educated the cybersecurity industry on the strategies of the hacking group behind the attacks.
6. A response from leadership helps
Sometimes, it’s necessary to hear from a company’s board and leadership.
In light of the SolarWinds cyberattack, President Brad Smith of Microsoft served as the main point of response. He churned out a detailed blog post on their site discussing the breach and arguing that it was an omen of increasingly sophisticated attacks yet to strike other countries.
He subtly maintained that national cybersecurity was a federal responsibility and called on the government to crank up its cybersecurity efforts.
Frankly, whether he was entirely right is not the issue. What matters is that the tactic came across as a notable exercise in thought leadership. His response carried more credibility than that of a company spokesperson.
Crises come knocking at the door of every corporation. Cyberattacks happen hourly. We generally don’t realize it until several weeks later. It’s only a matter of time. At Axia PR, crisis communications management is our cup of tea. To find out more about how we can help you, contact us.