Cyber Threat – Why the Best Defenders are Often the Worst Responders

The firms with the best and most pro-active cyber defenses are often the worst responders if their defenses are actually breached. Why so? Because a breach is new to them and they are immediately thrown off-kilter by the attack, unless of course, they have rigorous and frequent table-top exercises to prepare for such situations.

So it’s ironic that the firms that respond best are probably those that had an attack in the last year – the imprint of the lessons learned are burnt hard into their response psyche.

At a recent conference I attended, we heard that the No.1 lesson that arose in the post-mortem/lessons-learned meeting after a cyber-attack was to call outside counsel (OC) as soon as a breach was suspected. So why call your OC? And why call them first?

  • If cyber breaches are new and rare to you, knowing exactly what to do and when may not come naturally. Your external counsel, on the other hand, is working with many of your peers, and they will have an immediate playbook that they bring to the table regarding how to respond.
  • Your General Counsel and CCO have natural conflicts that are difficult to steer around in periods of stress; it is precisely times like this that you need the calm, clear and unambiguous view of your OC and their plain-talking view on what needs to be done.
  • The OC can handle quite a few things that will free you up to do the essential and immediate work of understanding what happened, the full scope of the breach and the impact on clients. For example, the OC can immediately engage your insurance agents.
  • If appropriate, the OC can inform applicable law enforcement and state authorities. This is a critical benefit as your communications with the OC are privileged. This allows you to disclose in full all of your fears, which in turn allows the OC to make the correct and appropriate disclosures to the proper authorities within the legislative timelines mandated by the scope and geo-nature of the breach.
  • Your OC should also be able to recommend an excellent cyber-event forensic analysis firm to fully understand what happened and the full breadth of the attack.

So how does one prepare for the correct response to an attack, without actually experiencing one for real? Simple – you engage in regular table-top exercises and implement short/no-notice war games to prepare the broader team for the exact scenario you hope will never happen. Ideally, you will engage your OC in these exercises and work with them to develop a cyber war chest with call sheets and an immediate-actions plan for handling an event. Theory is great, but practice and experience beat it every day of the week!

Finally, after each table-top/war game exercise, ensure you hold a lessons-learned debrief session and a post-mortem on the exercise to identify weaknesses in the response and preparation.

You need good and proactive defenses – such as CSS Shield — but you also need to plan and be prepared for the worst-case scenario of a breach to ensure that your team is ready and not caught in the headlights like a startled rabbit.

Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

Texas Outlaws and a Silver Bullet: Position Limits in the USA

In this first installment on position limits, Regulatory Guidance expert Greg Hotaling surveys the current landscape of position limits imposed for U.S.-listed commodity derivative holdings, which can affect investment firms and other speculative investors regardless of where they are based. Stay tuned for coverage of EU position limits in the next edition. “Who shot J.R.?!” … Continued

FAQs From the Cyber Desk

Cybersecurity is a fast-moving target, so it is not uncommon for firms to have questions when it comes to assessing and understanding their cybersecurity risks. Here at CSS we receive a lot of cybersecurity questions, so we thought we would take the time to answer 10 of the most common Frequently Asked Questions. (1) What … Continued

EU Position Limits: Born in the USA?

This is the second installment of Regulatory Guidance Expert Greg Hotaling’s blog on position limits, this time addressing EU-listed commodity derivatives and related products.  As always, keep in mind that these limits can apply to asset managers, and other market participants, regardless of where they are based. In 2009, the European Union’s first comprehensive position … Continued