Kaspersky has launched a new service – Kaspersky Incident Communications – to help communications professionals deal effectively with an IT security breach.
Founded on the company’s extensive expertise in security research and crisis communication, the new offering includes training sessions and a tailored workshop for information security leaders and corporate communications teams. It will also advice personnel on efficient operation security tools for communication security and encryption, and suggest best practices to follow to help handle communications internally and externally while an organization is under attack.
The consequences of a data breach can be devastating for a company, with the average financial impact costing an enterprise an estimated $1.23 million in 2018. This includes around $132k of costs associated with the additional PR activities required to recover brand reputation. Despite this, only 47% of Chief Information Security Officers (CISOs) regularly collaborate with their corporate communication departments, which could impact an effective communications response in the case of an incident. To help companies address this potential issue and reduce reputational damage, the Kaspersky Incident Communications service is designed to upskill communications professionals and IT security leaders so that they can take appropriate and timely actions if an organization falls victim to an attack.
The service is available in two options: Standard and Premium. The Standard package provides the foundations needed to build and activate an effective communications plan in the event a cyberattack. It consists of generic overview of the threat landscape, aimed at helping corporate communications teams understand the difference between malware, ransomware, APTs, unknown cyberattacks and how they may affect corporate reputation. It also offers operational security essentials, to provide communications professionals with technical toolkits that can be used for encrypting messages, calls and emails, as well as tips on how to effectively cooperate with IT security and incident response teams.
The Premium package also includes pre-workshop audit of existing incident management plan, organizational structure and reporting lines, conducted in cooperation with the executive responsible (typically the CISO and chief communications officer). It also offers scenario-based war room with practical exercise, to help understand which communications assets and processes should be developed as a part of the communications plan.
“It is not unusual for people from corporate communications and IT security teams to work in the same enterprise, but not know each other personally,” said Alejandro Arango, Global Director of Corporate Communications at Kaspersky. “The heightened threat of cyberattacks has changed this, with IT and communications departments needing to work closely together to minimize damage and disruption. However, it can be a challenge for large corporations to bring these representatives together to cooperate, and even if it does happen, they may not understand each other as they speak different business languages. That’s why it is essential to prepare for such cases in advance, to know who should be involved, what their role is and which tools and processes should be in place.”