Companies which fall victim to cyber attacks and data breaches often come in for criticism, but one the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who’ve faced a major attack.
A new research paper by Symantec and Goldsmiths, University of London surveyed over 3,000 CISOs and found that just over half believe that learning from failure is an important part of the process for improving corporate cybersecurity measures.
However, when it comes to actually sharing information about experiencing the fallout of falling victim to a cyber attack, the survey suggests that information security professionals struggle.
Just over half of respondents (54%) said they don’t discuss breaches or attacks with peers in the industry, while over a third of those surveyed (36%) said they fear that sharing information about a breach or attack on their organisation would negatively impact their future career prospects.
“Cyber security professionals continue to play their cards close to their chest and remain hesitant to engage in communication with other like-minded organisations,” said Chris Brauer, director of innovation at Goldsmiths and lead researcher of the Tackling Cyber Security Overload in 2019 report.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
However, the research also found that living through a breach changes the mindset of security professionals – and often for the better, making them less worried about the impact of an attack or experiencing burnout which might result in them leaving the industry.
Being equipped with the experience of having been through it before can provide benefits not only for setting up systems to prevent damaging attacks, but the processes required if an organisation does fall victim to hackers.
Rather than viewing staff who’ve worked at organisations which have suffered a cyber attack as having failed to do their job, other organisations should be actively seeking out these people to learn from them – even to the extent of hiring them for their own security teams.
“Senior members of security staff who’ve worked in organisations which have had a major, publicised breach, that can be seen as a negative – somehow individuals can be tarnished with that. That’s probably the exact opposite to the way to how the industry should be thinking,” Darren Thomson, CTO EMEA at Symantec told ZDNet.
“Someone who has lived through one of these incidents and been through the whole process, recovering from the bad experience then implementing additional security and privacy measures: that knowledge and experience is valuable and it’s good to have someone with it,” he added.
This is especially important because not only do cyber attackers continue to conduct successful campaigns, such is the prolific nature of attacks, it’s often a case of when, not if an organisation falls victim to hackers.
It’s therefore important for organisations to have a good resilience and recovery programme and by employing someone who has worked on one which has been successfully field tested, it could help bolster an organisation’s reaction to a cyber attack.
“If you want to build a resilient organisation, wouldn’t it be better to recruit a team of people who’ve lived this stuff rather than someone who hasn’t got that experience or developed best practices in reaction to a breach occurring?” said Thomson.
“Assuming they were doing the right things and yet a criminal got the better of them, if they can prove their resilience and what happened as a result of that, what best practices they developed, what steps they took to improve, that’s invaluable experience and those are the people we should be looking for,” he added.
READ MORE ON CYBERSECURITY