Written by Tania Phayre, Head of Marketing at VMAGROUP
On 17 July 2018, VMAGROUP and the UK’s The National Cyber Security Centre (NCSC) co-hosted a breakfast event with 16 Communications Directors from organisations across a range of industries. The purpose of the event was to stress test the crisis communications aspects of a new handbook being developed by the NCSC which will provide full guidance to UK organisations, whether large or small, public or private, in the event of a cyber security incident.
Set-up two years ago, the NCSC brings together technical expertise, engagement across government and industry, and media and communications skills to provide a one-stop shop to support UK ‘business’ with cyber incident response, recovery, and taking lessons forward for the future.
Through feedback from members of our Corporate Communications Advisory Board, we had identified cyber security as an area that Communications Directors in organisations of all sizes and across all industry sectors are particularly interested in. They believe there are challenges in terms of the preparedness of their organisations as a whole, but also of their communications functions to respond effectively should an incident occur. This practical session was therefore designed to enable the participants to use a developing scenario to talk through how a cyber security incident might play out, and what would be required of their communications functions, the senior management of their organisation and a range of other stakeholders.
The context for the session was set by one of the NCSC’s incident management Technical Directors, who gave a fascinating presentation covering some background to where many cyber-attacks originate from and some of the different types of attack, for example trojans, malware, ransomware, criminal cryptomining. He also gave an overview of how the NCSC operates through a process from identification and handling of an incident through to coordination both within and beyond NCSC, particularly with other anti-crime agencies, to advising on effective real-world responses to minimise harm, to final closure of the incident.
While the NCSC cannot actually fix the problem for organisations who have suffered from a cyber security incident, Nicky Hudson, Communications Director of NCSC, said that the NCSC is there to help identify what type of attack it is and how best to respond, either operationally or through communications. They will also help to identify vulnerabilities in an organisation’s systems, and suggest ways in which those issues can be rectified, for example, through patches etc.
Nicky also pointed out that many cyber incidents actually lie undiscovered for many months and, on discovery, it may take many more months to uncover the full extent of the incident, so having a resilient communications team set-up to deal with the incident is hugely important.
The scenario which the NCSC team had put together covered a range of communications requirements from proactive to reactive, and I thoroughly enjoyed being part of such a lively discussion on a topic which has potential to affect us all – either in business or our personal lives.
If you discover your organisation has been the victim of a significant cyber security incident you can report the incident online at: https://www.ncsc.gov.uk/reporting-cyber-security-incident.
With great thanks to Nicky Hudson and the NCSC team for hosting us and running such an engaging session.
VMAGROUP is an international recruitment and executive search specialist for marketing, digital and communications. To have a discussion with one of our dedicated consultants regarding the market, recruiting for a permanent or interim role or if you are looking for a new role, please contact us.