Experts say we have been in a low-grade global cyber conflict for much of the past decade. Since the Stuxnet virus that disrupted Iran’s nuke-building capacity in 2010, followed by the Shamoon virus that disabled Saudi Aramco’s oil production in 2012, governments have pointed their cyber arsenals at one another in frightening ways. At the start of 2020, the cyber war drums are beating more loudly.
The private sector must be vigilant. The Sony hack of 2014 showed that governments have a rich abundance of targets from which to choose. American banks, universities, utilities and even private sector executives have been victimized, and this will only spread in the decade ahead. Even if your organization is not an obvious target, prior attacks demonstrate that collateral damage is also a real threat.
Now is a good time to think about shoring up your defenses and response plans. Our crisis PR team’s recommendations:
- Stay vigilant. Invest in cyber defenses, but also think about data and operations redundancy, employee training to avoid phishing and lax procedures, and cyber insurance to cover the costs of mitigation.
- Update communications plans. Make sure your crisis response scenarios include cyber attack, data breach, IP theft, ransomware and downtime. A good plan envisions how the organization will respond internally and externally, what stakeholders exist and how to reach them, and how to stay on top of what will no doubt be a fast-evolving public narrative of the situation.
- Know who to call. You don’t want to be forced into panic-searching for trained IT experts, attorneys and communications firms after an incident is discovered. Get your relationships in place in advance – or verify that the ones you have are up to the task.
Every year since 2013, the U.S. government’s “Worldwide Threat Assessment” has listed cyber attack as the number one global threat, ahead of weapons of mass destruction and terrorism. Be mindful that, in the decade ahead, that threat extends not just to government but to the private sector. Assume the best, but prepare for the worst.
RH Strategic is a Seattle and D.C.-based communications firm providing strategic public relations for innovators in the technology, public sector and healthcare markets. Learn more about our Cybersecurity practice.