Incident response protocol for any state-owned or private business is a complex process. Companies are quite divisive about the level of information they want to share with the public in the wake of a cyberattack. Several cyber experts assert that businesses that involve public investment must disclose complete information about any attack to the public. However, other groups of cyber experts disagree. They counter that the disclosure of information might lead to other cyberattacks. In his article for Government Technology, Adam Stone shares how much information your incident response plans should reveal.
The Relation of the Public with Incident Response
Many experts believe that transparency during a cyber breach resonates with trust. It allows the public to be in a continuous loop of how the incident response operations are working. City of Phoenix CISO Shannon Lawson mentions that if you have made a mistake in managing network security, it is best to be honest about it. You should learn from your failure and ensure it does not repeat in the future.
When to Hide the Information
Lawson adds that disclosing information at a delicate juncture can worsen a bad situation. When your firm is attacked, it is better to let federal officers do their job in secrecy. If you lay out the information in the public domain, it might hamper the investigation.
How to Balance Information During an Incident Response
The incident response process, at a point, becomes a case of what to share and when to share. Firstly, if your clients’ personal information has been breached, you should inform them per the governmental obligations. Ensure the well-being of your consumers’ information but refrain from sharing elaborate details that further jeopardize network security.
The Ransom Issue
Public transparency becomes absolute if you have planned to pay the ransom in return for public data. If a hacker has intruded into the cyber system of a medical facility and is demanding a ransom, the hospital needs to be very sensitive and careful about its response.
Click on the link to read the original article: https://www.govtech.com/security/youve-been-breached-how-much-should-you-disclose
