Five Lessons for Leaders During a Cyberattack

Successful resolution of a cybersecurity incident requires strong leadership.

As an Incident Commander at Secureworks®, I’ve seen my fair share of cyber incidents and observed common struggles that leaders experience. Being aware of these struggles and how to overcome them can help you during a crisis.

On a daily basis, it isn't hard to be a leader. If you’ve cultivated and empowered your team, things operate pretty smoothly aside from the occasional customer issue or internal struggle. You may not even think about what it's like being a leader during these times. But someday you may face something terrible like a breach or ransomware attack. Are you prepared to lead during these dark times? Are you the leader your team needs during that type of event? Can you help pull your company from the brink of destruction? The following lessons can help you demonstrate strong leadership during a cyberattack:

  1. Adjust your mindset before trying to help others. Come to terms with what happened and get your emotions out of the equation as quickly as possible. You must be a calming, logical presence as you deal with people worried about their careers, their money, and their reputations. It will be your job to help others move beyond their emotions and start making decisions based on logic, not fear. As a leader, your goal is to guide the team to respond to the incident rather than to just react to it.

  2. Take ownership. Take initiative and be proactive. Approach a cybersecurity incident as if you own the company. Care about all the details, listen to others’ ideas, and voice your own perspective. A cybersecurity incident is a tapestry of events, including events that can lead to a better posture for the future of your company. As stressful as an incident can be, there are opportunities for growth. Your obligations as a leader include owning the events and being accountable for the resolutions. You define how the company, and you, are perceived after the event. Did you shine, or was the response lackluster? Did you identify ways to grow? You have the power to decide.

  3. Pay attention to your people. You cannot get through a major incident on willpower alone. You need careful planning, thoughtful resource management, and careful decisions. You may have a team of energized, amazing people, but running them night and day can quickly lead to burnout. Listen and watch. Few people are going to openly admit that they are unable to do the work, especially if they are on a high-performing team. Focus on wellbeing, and take care of your team. Ensuring that team members get breaks and adequate rest is critical for their health and morale. It’s also good for the response effort, as overworked and tired people make mistakes.

    Your success as a leader is based on your people. Without empowered and energized people, you aren’t going to maximize your team’s success. Get your people what they need when they need it. Make sure that tasks are useful and that precious cycles aren’t wasted (e.g., sitting on a two-hour call "just in case"). Your team relies on you to protect them and their time.

  4. Be prepared to say "no". While taking ownership and supporting your team often involve saying “yes”, you also need to be willing to say “no”. Be prepared to say no to overworking your team, to committing to accomplishing a task in less time than it will realistically take, and to letting people’s emotions interfere with effectively addressing the threat. You were made a leader because you demonstrated potential for helping the company get to its goals. Stand as the pillar for your team, your peers, and your leaders to look to for inspiration. The best way to do that is to use "no" with surgical precision when you need to, not only for the good of your team but for the good of your company.

  5. Communicate. On a normal day, nearly everyone knows who to call and when. But during a cyberattack, normal communication channels won’t suffice. They’re designed for a slower-paced rhythm and may even be compromised. Ideally, you have a pre-established incident response plan that defines the communication strategy during an attack. If you don't, someone needs to decide what information is disseminated, who is compiling it, who should receive it, and how it is shared. Identify appropriate stakeholders and establish distribution lists and repositories as needed.

    Communication is critical during a cyberattack to ensure that team members and stakeholders have the information they need when they need it. The success of your company can depend on it. Establishing effective communication channels also saves time, as you don’t have to manage individual calls or meetings every time someone has a question about progress.

A cybersecurity incident is a defining moment for a company and its leadership. The way a company handles the incident can define how it is viewed afterward. Will you be a shining example or a cautionary tale?

If you need help, Secureworks is here. We have some of the industry's most talented and experienced incident responders standing by to assist. Remember that it isn't yesterday or tomorrow that matters; it's what you do today. Secureworks Incident Response is here to help you make today matter.

If you need urgent assistance with an incident, contact the Secureworks Incident Response team. We are here to assist, 24x7.
