How do you communicate through cyber threats?

by Georgina Hall

March 10, 2020

Corporate Communications

Not so long ago, I visited a Sydney bar and was told I couldn’t order any drinks because the bar’s transaction terminals had crashed.

Strange, I thought. Surely, in this day and age, bar staff can operate independently of systems and use a cashbox and price list from somewhere!

This bar could not.

If there had been a back-up system, the business could have continued as usual, admittedly at a slower pace, but continued, nonetheless.

While the temporary closure of a Sydney bar is, ‘small beer’ when compared to the scale and consequences of Toll’s recent breach, there are a few common threads.

Australia’s Cyber Security Research Centre CEO Rachael Falk says, “the key to knowing whether your organisation is cyber resilient is to be able to answer one very basic question; if key systems are no longer available, can essential data be made available to the extent required to carry on your business?”

It seems that both Toll and the Sydney watering hole failed that test.

Contrast that with Maersk, the Danish conglomerate that represents one fifth of the world’s shipping capacity. Maersk had to revert to pen and paper to fulfill orders after its systems became compromised by the NotPetya cyberattack, which struck in 2017.

It took Maersk just 10 days to rebuild its entire international network of 4,000 servers and 45,000 PCs, an effort Maersk Chair Jim Hagemann Snabe described as “heroic” and testament to Maersk’s “human resilience”. The ‘human resilience’ to which Mr Snabe refers or, as Rachael Falk calls it, “cyber resilience”, needs to become an essential component of every organisation’s contingency plan.

Cyber resilience can only be achieved by cultivating two things: first, the technical know-how and the systems and processes necessary for the rapid retrieval of essential data from alternative sources; and second, a culture of trust and open communication with customers, suppliers and other key stakeholders.

Under Armour is a good example of this.

When Under Armour’s 150-million-user MyFitnessPal was breached in 2018, the company was praised for its response.

The company found out about the breach very quickly, mostly as a result of its strong external relationships. Internal trust that had been built allowed the company to promptly respond to the threat.

Secondly, Under Armour’s general preparedness, which involved transparent and honest relationships between the company’s leadership as well as the product, engineering, IT and security teams, meant relevant information could be shared quickly and responsibility assigned to the right people.

Finally, Under Armour’s well-articulated mission statement helped focus its team.

“When you have complete clarity of purpose, focus and leadership, you can get anything done,” Under Armour Senior Vice President, Toke Vandervoor said at the time.

Key steps for companies when managing their cyber risk:

1. Be prepared. Acknowledge that cyberattacks are now a fact of life. That means preparing for the worst, even if the worst never eventuates. 

2. Be proactive. Both Under Armour and Maersk contacted their customers and stakeholders immediately following the breach – and well before the media came knocking.

Companies need to be prepared so that when a breach or an attack does occur, they’re a bump in the road rather than a full-blown crisis.

Find out more

If you would like to add to this conversation, please email Georgina Hall at Apollo Communications. Stay up to date with more blog posts by the Apollo Communications team here.

NEWS AND MEDIA

Measure and manage your Corporate Reputation

The Apollo Communications Top 50 CEO Report

The Apollo Communications ASX-100 Board of Directors Report

Join Our Newsletter

Follow us

Join the conversation