• Clarity in the chaos : Kaspersky empowers PR and security teams to take effective communications action when faced with a breach
• Kaspersky has launched a new service – Kaspersky Incident Communications – to help communications professionals deal effectively with an IT security breach
Founded on the company’s extensive expertise in security research and crisis communication, the service also encompasses lessons learnt from the Duqu 2.0 attack experienced by Kaspersky in 2015. The new offering includes training sessions and a tailored workshop for information security leaders and corporate communications teams. It will also advice personnel on efficient operation security tools for communication security and encryption, and suggest best practices to follow to help handle communications internally and externally while an organization is under attack.
The consequences of a data breach can be devastating for a company, with the average financial impact costing an enterprise an estimated $1.23 million in 2018. This includes around $132k of costs associated with the additional PR activities required to recover brand reputation. Despite this, only 47% of Chief Information Security Officers (CISOs) regularly collaborate with their corporate communication departments[1], which could impact an effective communications response in the case of an incident. To help companies address this potential issue and reduce reputational damage, the Kaspersky Incident Communications service is designed to upskill communications professionals and IT security leaders so that they can take appropriate and timely actions if an organization falls victim to an attack.
Kaspersky Incident Communications
The service is available in two options: Standard and Premium. The Standard package provides the foundations needed to build and activate an effective communications plan in the event a cyberattack. It consists of the following elements:
- Generic overview of the threat landscape, aimed at helping corporate communications teams understand the difference between malware, ransomware, APTs, unknown cyberattacks and how they may affect corporate reputation.
- Deep dive into experience gained when Kaspersky’s corporate communication team responded to the Duqu 2.0 incident.
- Operational security essentials, to provide communications professionals with technical toolkits that can be used for encrypting messages, calls and emails, as well as tips on how to effectively cooperate with IT security and incident response teams.
For those customers looking for more advanced knowledge specific to their needs, Kaspersky offers a Premium package which includes the following, in addition to the Standard package:
- Pre-workshop audit of existing incident management plan, organizational structure and reporting lines, conducted in cooperation with the executive responsible (typically the CISO and chief communications officer).
- Deep dive talk on those cyberthreats which are particularly relevant for a specific company, based on its industry, region and size.
- Scenario-based war room with practical exercise, to help understand which communications assets and processes should be developed as a part of the communications plan.
The Premium training is recommended for CISO, CIOs, directors of internal and external communications and other senior managers who will be involved in controlling how the crisis communications plan is executed.
“It is not unusual for people from corporate communications and IT security teams to work in the same enterprise, but not know each other personally. The heightened threat of cyberattacks has changed this, with IT and communications departments needing to work closely together to minimize damage and disruption. However, it can be a challenge for large corporations to bring these representatives together to cooperate, and even if it does happen, they may not understand each other as they speak different business languages. That’s why it is essential to prepare for such cases in advance, to know who should be involved, what their role is and which tools and processes should be in place,” commented Alejandro Arango, Global Director, Corporate Communications at Kaspersky.