When it comes to cybercrime and crisis leadership, organizations would do well to borrow from the military concept of “left of boom, right of boom.” The boom, in this case, is the discovery of a cyber breach. You can think of it as a point on a timeline along which the attack and its aftermath will play out.

Crisis Leadership From All Sides of Boom

Essentially, when something catastrophic happens, most leaders go “left of boom,” diagnosing what just occurred or scheming to prevent it from happening again. This means trying to stop the bad guys in their tracks. Left of boom is all about prevention and detection. This is akin to the moats built around medieval castles.

However, it is equally important to think of what happens “right of boom,” the period after knowledge of the cyber breach reaches the public. In this case, right of boom means the cyberattack has spilled over into the media, among other places. How are you going to deal with customers? With the media? With regulators? With partners in your supply chain?

Since the opening of IBM’s X-Force Command Centers in mid-November last year, hundreds of individuals and teams have experienced the 360-degree cyberthreat preparedness offered there. Through real-world simulation, they live through a highly sophisticated attack in progress. These early users of the IBM X-Force Command Centers have discovered that in the first hours of an attack, you really don’t know what’s going on — you just know it’s very bad.

Preparing and Rehearsing

That’s when the training and simulation switch to right of boom, the aftermath. Both we at IBM and the early users of the X-Force Command Center were surprised at the reactions to preparing in advance for post-attack communications. One common reaction is, “Wow, you made me talk to a reporter. That was scary, but after rehearsing it a couple times, I feel like not only can I do that, but I can probably script out a lot of my response in advance.”

The truth is, in the initial hours after detecting a breach, details related to what data was lost or how the bad guys got in are scarce. But it is crucial to demonstrate leadership by showing that you have a response plan and the ability to execute it. Crisis leadership means standing up and showing that your team is working hard on the problem. This puts confidence back in the market.

Ditto with training to deal with regulators. In the U.S. alone, 47 states have their own unique breach disclosure laws. If you do business in most or all of them, you must be aware of the requirements of those laws, which often involve filling out a lot of forms after a breach. If you know the basics of the different compliance regulations in advance and complete the forms accordingly, the regulators will be confident that you tried to deal with the attack to the best of your ability. But if in three weeks they have heard nothing from you, or if you stand up to the media and basically dodge questions, regulators will grow suspicious and your problems will multiply.

For many of our IBM X-Force Command Center clients, the value of sharing attack information, practicing communications and rehearsing the proper response becomes very apparent — and is essential to their crisis leadership. It is an exercise in understanding what you need to do and with whom you need to communicate. Then you script as many of your responses as possible in advance of the breach.

Preparing for the Cyberthreats of the Future

That’s not all we’ve learned in the few short months since the IBM X-Force Command Centers opened. Organizations of all stripes may well need to brace themselves for a particularly insidious and potentially highly damaging attack. It is unlike most attacks we see today, in which cyberthieves gain entry to a data repository and then steal select files.

At the IBM X-Force Command Centers, we have the luxury of modeling various types of new attacks, including one of which we have already seen some evidence. In these attacks, data is not stolen but rather changed or manipulated. If that happens, or even if attackers can merely suggest this has happened, that can be enough to sow deep seeds of distrust of your data, customers and supply chain partners. We found that our clients are largely unprepared to deal with such an attack in terms of fashioning a convincing response that restores trust and otherwise calms the waters.

Here again, there is no substitute for preparing, rehearsing and practicing the different responses you’ll need to make to different constituents.

If recent history has proved anything, it is that no data on any system in any organization is immune from being compromised. It just makes sense to get out in front of the mission-critical job of rehearsing for the right-of-boom events, which are as important as efforts to stop cyberattacks from happening in the first place.
