Cybersecurity Crisis Management: From Traditional to Digital
The transition from managing cyber crises using traditional playbooks to advanced digital platforms is not just technological, but signifies a fundamental conceptual change
The 2024 Cybertech New York conference in September brought me on the main stage face-to-face with Tim Brown, one of a select few CISOs whose name has transcended the technology and business sections to reach the headlines and magazine feature pages.
Brown, CISO of SolarWinds, faced one of the largest and most sophisticated attacks the cyber world had known. SolarWinds itself wasn't the target of the APT29 hacker group, aka Cozy Bear, nor of its operators in Russia's Foreign Intelligence Service, the SVR. SUNBURST was a supply-chain attack hitting some 18,000 of SolarWinds' 300,000 customers, including the U.S. Departments of Treasury, Commerce, and Homeland Security, the National Telecommunications and Information Administration, the UK's Ministry of Defense and Home Office and National Health Service, the European Parliament, NATO, Microsoft, and the cybersecurity company FireEye.
In the years since the crisis, Brown has divided his time between his employer and cyber conference stages worldwide, where he shares his professional and personal experiences and the lessons learned from that high-profile cyber crisis. Recently, he joined the advisory board of Cytactic, the company I founded that offers an advanced platform for managing and preparing for cyber crises.
SolarWinds' story is the story of many organizations in recent years, which, due to the scale of the phenomenon, don't always get even a casual mention in the media or on the internet. The cyber attacks of yore look like a video game compared to today's attacks, which are more sophisticated, more dangerous, and more ubiquitous, and to which organizations of all sizes and fields are vulnerable, from a family real estate office to a global tech corporation. In such an environment, managing cyber crises - the assemblage of challenges and threats that follow a hacker attack - becomes a more complex and challenging task than ever before. The transition from managing crises using playbooks to employing advanced digital platforms marks a significant paradigm shift in the field.
The urgent need for this transition is highlighted by five central challenges in managing cyber crises, which show how an online, dynamic, and updated platform can comprehensively address these challenges, owing to real-time information, coordination and collaboration, flexibility, and access to databases and advanced decision-making tools. This way, chaos can be turned into order, and an organization's ability to cope with cyber crises can be significantly improved.
The first challenge lies in the basic limitations of playbook-based crisis management. While printed documents can provide basic information, they lack the dynamic capabilities that online digitization offers. Digital platforms allow for real-time coordination between different teams, rapid and efficient information flow, advanced analysis capabilities, and the flexibility required to quickly adapt to changing conditions. These advantages are essential in today's complex and constantly evolving threat landscape.
Second, playbooks limit the ability to prepare in advance and build dynamic plans. In contrast, digital platforms allow organizations to develop, update, and adapt their response plans on an ongoing basis. This ensures that plans are always relevant and up-to-date, which is crucial given the constant changes in cyber threats.
The third challenge is related to the phenomenon of silos, where each team and department operates separately and independently, lacking critical coordination. Traditional playbooks make it difficult to create a unified and efficient work process. Digital platforms, on the other hand, allow codifying crisis management processes using tools like BPMN, leading to more coordinated and efficient action among all involved parties.
Access to knowledge and accumulated experience constitutes the fourth challenge. Printed, offline playbooks are limited in their ability to integrate and make accessible the aggregated wisdom of experienced crisis managers, advanced decision-making tools, and proven strategies. In contrast, digital platforms can incorporate decision support systems, artificial intelligence, and immediate access to extensive knowledge bases, significantly improving the quality and speed of decision-making during a crisis.
Finally, the fifth challenge concerns leveraging lessons from past events. Traditional playbooks don’t allow efficient access to data and analyses from previous cyber crises. Digital cyber crisis management platforms, however, are capable of storing, analyzing, and efficiently accessing historical information - both from the organization itself and from other organizations, which can use the system to share their knowledge discreetly and without exposing confidential business information. This enables continuous learning and constant improvement in dealing with crises, mirroring developments on the attackers' side.
The transition from managing cyber crises using traditional playbooks to advanced digital platforms is not just technological, but signifies a fundamental conceptual change. Cyber crises are a multi-disciplinary management problem that requires experts from different disciplines to work in parallel and in collaboration, and to adapt dynamically as threats evolve. Digital platforms for managing cyber crises offer the flexibility, efficiency, and tools needed to deal with the complex and fast-changing threats of the modern cyber world. Organizations adopting this approach will find themselves better prepared, more responsive, and equipped to successfully cope with the cyber challenges of the 21st century.
Dr. Nimrod Kozlovski is the Founder & CEO of Cytactic