Extractive summaries of and key takeaways from the articles curated from TOP TEN BUSINESS MAGAZINES to promote informed business decision-making | Week 298 | May 26 – June 1, 2023.
You’re the CEO and Your Company Got Hacked—What Now?
By Andrew Martin | Bloomberg Businessweek | May 26, 2023
Karim Toubba was a few months into his new job as chief executive officer of LastPass US LP, which allows customers to store and manage passwords, when he learned that his company had been hacked. Two weeks later, in August 2022, he published a blog post saying that while the hackers had stolen some source code and proprietary technical information, there was no evidence that access was given to customer data or encrypted password vaults. Crisis averted—until the hackers returned, using information stolen in the earlier attack to obtain encrypted usernames and passwords, among other data.
The ordeal placed Toubba into a growing fraternity of executives who’ve helmed companies through a cyberattack, a grinding experience that can drag on for months. His message to other CEOs who may find themselves in a similar position? You won’t be judged for being hacked, but you will for how you respond.
Executives, security professionals and lawyers who have worked through hacks say that while every situation is different, organizations can take measures to respond to a crisis and help mitigate the damage. For starters, it’s critical to have an incident response plan in place. It must account for worst-case scenarios and be rehearsed by relevant parties including the C-suite beforehand.
Organizations should also remain flexible. Many big companies now have teams with cyber expertise on retainer so they don’t have to go searching for help when they are hacked. That can include lawyers, forensic investigators, crisis communication experts and a ransomware negotiator. This helps to calm fears in the early days of an attack while establishing a structure and a path forward.
Communicating to customers, employees and the general public about the breach requires careful calibration: Providing too little information could prompt a backlash, while giving too much too soon can cause headaches if it later ends up being inaccurate. The facts around hacks are hazy in the first few days and may change. Planning for potential messaging in a breach can help.
Leaders responding to an attack may also benefit from contacting the proper government department or the Cybersecurity and Infrastructure Security Agency. They should also ask customers to patch their software flaws quickly, and stop doing business with them if they don’t do so within a year.
2 key takeaways from the article
- The ordeal of the LastPass US LP hack placed Toubba, the CEO, into a growing fraternity of executives who’ve helmed companies through a cyberattack. His message to other CEOs who may find themselves in a similar position? You won’t be judged for being hacked, but you will for how you respond.
- While every situation is different, organizations can take measures to respond to a crisis and help mitigate the damage. It’s critical to have an incident response plan in place. Organizations should remain flexible. Communicating to customers, employees and the general public about the breach requires careful calibration between too much and too little information, and between too soon and too late. Contacting the proper government department or the Cybersecurity and Infrastructure Security Agency can help. Leaders should also ask customers to patch their software flaws quickly, and stop doing business with them if they don’t do so within a year.
Topics: Technology, Cyber Security, Hacking