SecurityWeek


Sometimes, Perception is Just as Important as Reality

In the world of security, there is often a significant difference between perceived reality and what is actually happening. On a near daily basis we are inundated with stories about cyberattacks, and most people have no problem rattling off a list of companies that were compromised in the past year. However, it would be significantly more difficult for them to recall exactly how these organizations and their customers were impacted by these breaches.


That means even if a breach doesn’t directly cost your organization a ton of money or expose customers’ sensitive information, it can still create significant problems. You can’t expect the general public to dig into the story or process the details like a security expert.

After hackers claiming allegiance to the Islamic State took control of the U.S. military’s Central Command social media accounts, we received countless questions about whether we suspected sensitive information had been exposed, if U.S. soldiers and civilians were in danger, etc. Of course, there’s a significant difference between a massive data breach and a case of cyber-vandalism. As Peter Singer, a strategist and analyst with the New America Foundation in Washington, put it, “Let’s remember this is a social media account. This is not a military command and control network. This is not a network that moves classified or even non-classified internal information back and forth.”

But many people will not make that distinction. A breach, no matter how insignificant, will simply register as a “breach.” And even for those who do understand the nuances of a breach, a minor slip-up can rightfully raise concern that security best practices aren’t being followed in other (and perhaps more critical) areas.

A higher-level example of this line of thinking can be seen in the recent case of the White House fence jumper. Fortunately the attack was not successful, but significant damage was done to the Secret Service’s reputation, and the incident rightly caused the public to doubt their capabilities.

So, what does this mean for you?

It means that the public’s perception of security within your organization can be just as important as reality, and it’s your job to manage that perception. I’ll be the first to admit that it’s impossible to protect your entire network; you have to identify your critical assets and ensure you’re truly doing everything in your power to defend them. But when you’re taking stock of those critical assets, remember that it’s not just credit card numbers, Social Security numbers, etc.; it’s anything that could impact your reputation. Your Twitter account matters. Your homepage matters. Your test servers matter (as proved by the very public Healthcare.gov breach).

If a breach does occur, by being forthcoming with information and doing everything in your power to help those who were affected, you can hopefully repair some of the damage on a reputational level. Anthem is a great example of this. They came clean about their breach right away, and they discovered and reported it themselves. They didn’t wait for someone else to find it for them. This went a long way in restoring their credibility.

I’d be willing to bet Anthem had a solid incident response plan; being clear and forthcoming at the time of a breach is a lot easier if you’ve prepared for such an event. Who’s responsible for communicating with the media, customers, employees, and stockholders? Who’s going to handle your forensics and security investigation?


These aren’t issues you want to start fumbling through at the time of a crisis. If you haven’t already, establish your internal incident response team. It should include communications, legal, security, and the executive team, plus a few others depending on the nature of your business. This isn’t a plan the security team should pull together in its own little bubble; get buy-in from all those key players beforehand, and it will be easier to mobilize the troops once the moment of truth is upon you.

Infosec professionals are often analytical by nature, and it can be easy to get bogged down in the technical details, but it’s a mistake to ignore the human side of security. While you’re coming up with creative solutions to keep your critical business assets, customers and employees safe, don’t forget about your reputation. Perception is just as important as reality.
