The drama of cybersecurity attacks - and how to stay strategic when things get crazy

In my experience there are two types of CISOs: ones that love the drama of a cyber attack and ones that stay cool under pressure. This post is about how boards of directors can handle a CISO (or someone else in the CISOs organization) that thrives on the drama of an attack.

When a cyber attack occurs at an organization, things can get very chaotic. There is a lot to do to figure out what is happening and what needs to be done. All of this can be exacerbated by a CISO who enjoys being the center of attention and knows that cyber attacks are the time when the spotlight is specifically focused on them.

Luckily, boards have a unique position in that they are often a bit removed from the action. The board has the ability (and luxury) to take a look at the situation from a more strategic point of view.

When a cyber attack happens and the CISO seems to be spinning, the board should make sure a few questions are being answered.

1. What are the regulatory requirements as far as reporting and responding to this incident?
2. What assets are at risk? What needs to be done to protect those assets?

Based on the answers to these questions a timeline can be developed and responsible parties can be named to ensure that all of the appropriate steps are being taken at the appropriate time.

Of course, the answers to these questions are fluid. As more information about the attack comes in, some of the answers to these questions will change and the board has to be ready to change both the timeline and the people responsible for dealing with the remediation.

Most CISOs are cool under pressure and can take all of this on themselves. But in the case that a board is dealing with a CISO that is a bit more excitable, it can help to know these are the steps that need to be taken to address the situation.