Fraud Management & Cybercrime , Incident & Breach Response , Ransomware
Cyber Incident Preparedness and Collaboration in Crisis
Former CISOs Share Strategies for Ensuring Effective Incident ResponseOrganizations face growing challenges from cyber incidents, requiring robust preparation and response strategies. Cyber exercises can greatly enhance organizational readiness and help stakeholders understand their roles and responsibilities during an incident, said Heather Lowrie, former CISO at University of Manchester, and Jon Staniforth, former CISO at Royal Mail.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
Proactive communication with law enforcement enhances support during high-stress situations. Reporting incidents early provides practical help and boosts morale within the team, Lowrie said.
CISOs dedicate "50% to 70%" of their time managing internal and external communications. CISOs must maintain "consistent messaging" across various stakeholders while ensuring that sensitive information does not inadvertently aid threat actors, Staniforth said.
In this video interview with Information Security Media Group at Cybersecurity Summit: London, Lowrie and Staniforth also discussed:
- Why organizations must recognize the businesswide impact of cyber incidents;
- How to assess incidents and decide whether or not to pay ransoms;
- The importance of involving business lines in owning risks and ensuring operational continuity.
Lowrie has experience in government, public and private sectors. She is experienced in leading through crisis, including managing major cyber incidents and strategic change for digital, AI and security transformations.
Staniforth has more than 20 years of experience in global organizations across diverse sectors, including logistics, telecom, technology, retail and financial services. He excels at addressing complex security challenges, applying his extensive background in risk management, compliance and behavioral change. He is a member of the CyberEdBoard.