If you don’t yet have a security incident programme in place, you need to create one and test it often.

When it comes to cybersecurity, from the C-suite down, good communication is key. For any organisation capable of detecting an attack, it’s important to respond accordingly and as early as possible to mitigate the effect on credibility, as well as employee and customer trust. In fact, the ability to detect a security breach is of absolutely no use if an organisation doesn’t respond in the appropriate manner.

Entrust’s deputy CISO and chief information security architect, Tony Hynes, says that after its breach earlier this year, identity and access management company Okta learned this the hard way. Between the start of the breach, the denial of malicious activity, and eventual action, the Okta breach resulted in a tricky situation of inadequate responses and inadequate communication.