The recent ‘Wannacry’ ransomware attacks which have hit over 150 countries have the potential to cause lasting damage to the reputations of organisations around the world. Large and small organisations, in the public and private sector have all been apparently targeted in the latest high profile hack.
Cyber-attacks are complex to describe and explain, their perpetrators’ identities usually remain unknown. This means the attention of the media normally comes down to scrutinising the lack of resilience of the organisations which are designed to be there to protect us.
In the most recent attack, it was the UK’s National Health Service’s computer systems that came under scrutiny. Government ministers were called off the general election campaign trail to explain to the public why some systems apparently hadn’t been updated with the latest security capability.
In Germany, the issues were also very visible with information displays on the rail system being corrupted.
Suspicions about the attackers have now moved into the global diplomatic arena. In Russia, the President said his country wasn’t behind the hacks, pointing the finger instead at the US.
Those of us who have worked within government digital organisations will be aware of the work that goes on to resist as many cyber-attacks as possible. But despite the efforts of dedicated experts, there’s no bottomless pit of resource for cyber-security. Long after the immediate technical consequences of any attack have been addressed, the reputational damage to companies, governments and nations can be profound.
This particular ‘Wannacry’ attack is apparently demanding that ransoms are paid by victims. Following the first weekend of the attack, it’s reported that only a few thousand dollars had been handed over. For large organisations, it’s not any financial demands that could cause the greatest impact, but the long term damage to their reputation.
This attack is making today’s headlines and might then quickly fade if its direct impact isn’t too severe. But you can be sure another will come along soon. TalkTalk, MySpace and Yahoo have all suffered high profile hacks in the past few years. No organisation big or small can be 100% sure they won’t be next. But they can help themselves with effective communications planning to limit the impact of any attack.
A plan needs the following three key elements:
Measurement and evaluation