German battery manufacturer VARTA, faced a severe cyber attack in February 2024 which led the company to shut down their IT and production systems subsequently.
The company attempted to downplay this situation that has fueled their stock plummet which started already before. The company’s communication is a textbook example of trying to put a positive spin on a disaster.
According to the statement, forensic investigators are "making good progress," and the attackers only succeeded due to their "high criminal energy," overcoming VARTA’s "high security standards." However, "for tactical investigation reasons," no further details could be provided.
The most striking part of the release is the euphemistic description of a complete production halt. It states that "non-IT-based processes can continue to operate," allowing employees to focus on maintenance, upkeep, and preparatory tasks. This prompts one to consider how many non-IT-based processes exist in their own workplace and how operations would look if only those processes were running.
VARTA's attempt to manage the narrative highlights the challenges companies face when addressing cybersecurity incidents while trying to maintain investor confidence. The importance of clear and effective communication during cyber incidents is paramount to maintaining stakeholder confidence and ensuring a swift recovery.
How could this case handled differently, and honestly, way better?
Define Your Stakeholders
Identifying your stakeholders is the foundational step in creating a cyber incident response communication plan. Stakeholders encompass anyone affected by the incident, including employees, management, customers, partners, and regulatory bodies. Both internal and external parties must be considered to ensure comprehensive communication.
An effective strategy involves leveraging social media monitoring tools and existing relationships to understand the expectations, risks, and opportunities associated with each stakeholder group. This proactive approach allows organizations to anticipate and address potential issues promptly. Stakeholder communication emphasizes the importance of keeping stakeholders informed through direct channels rather than allowing them to hear about the incident through media outlets. This approach helps in maintaining trust and transparency during a crisis and demonstrates commitment to the situation.
Determine Notification Procedures
Once stakeholders are identified, the next step is to establish clear notification procedures. This involves defining who will be responsible for notifying stakeholders and deciding on the communication channels to be used, such as emails, phone calls, or social media. Speed and accuracy are crucial in these notifications to prevent misinformation and panic.
It's essential that communication comes from the right leaders within the organization to enhance credibility. It is crucial to understand key stakeholders and the relationships that exist to ensure effective communication. Additionally, organizations must be aware of and comply with mandatory cyber incident notification norms specific to their geography, with the government often being a primary stakeholder.
Establish Response Procedures
After setting up notification protocols, organizations must establish clear response procedures. This involves activating the incident response team, containing the incident, and conducting an investigation. Having a well-defined process ensures a swift and efficient response, minimizing the impact of the cyber attack.
An effective incident response team typically includes roles such as a Team Leader, Lead Investigator, Communications Lead, and Documentation & Timeline Lead. Inclusion of an HR/Legal Representative is also crucial, as incidents may evolve into legal issues. Legal and HR guidance is essential to navigate potential criminal charges and ensure compliance with relevant regulations.
Set Up Communication Channels
Continuous communication with stakeholders throughout the incident response process is vital. This step involves establishing robust communication channels, including email, text messages, phone calls, and social media, to keep stakeholders informed with timely and accurate updates.
Clear and accessible communication channels help manage stakeholder inquiries and provide reassurance. The Hootsuite guide on using social media for crisis communication advises organizations to engage with stakeholders, answer their questions, and maintain transparency to build trust and prevent the spread of misinformation.
Develop Recovery Procedures
The final step is developing recovery procedures to restore normal operations post-incident. This includes system and data restoration, conducting a post-incident review, and updating policies and procedures to prevent future incidents.
A well-structured recovery plan ensures that the organization can recover quickly and minimize the incident's impact. Transparency during recovery is critical, as attempting to "spin" the crisis can damage relationships with customers and other stakeholders. Honest and clear communication helps in maintaining trust and credibility.
Closing Thoughts
Implementing an effective cyber incident response communication plan is essential for any organization aiming to be prepared for cyber threats. By carefully defining stakeholders, establishing clear notification and response procedures, setting up continuous communication channels, and developing comprehensive recovery plans, organizations can significantly mitigate the impact of cyber incidents.
Real-life cases like the attack on VARTAs highlight the importance of precise and transparent communication. Words matter, and the shift from downplaying the real impact demonstrates how the right terminology can influence the entire response strategy. Regularly reviewing and updating the communication plan ensures its ongoing effectiveness, enabling organizations to maintain stakeholder trust and quickly return to business as usual after a cyber incident.