Originally published in the Cyberwatch Finland magazine 3/2023 by Kari Aho, CEO, Secapp Oy.
The recently tightened international situation has made it clear that we live in an increasingly uncertain world full of threats. Cyber attacks, system failures, power outages, and physical security threats are just a few examples of scenarios that can cause significant harm to individuals and organizations. The situation is further complicated by the fact that different crises can overlap and affect each other. As these threats grow and become more complex, every second lost can be costly – not only financially, but also in terms of human lives and societal stability. Stricter regulations or requirements set by the operating environment also create pressure to establish necessary measures. In this constantly changing environment, preparedness and timely communication are especially emphasized.
Extensive costs and production losses from system failures
According to a study published in 2021 by the international research company Gartner, an IT system failure alone causes an average cost of more than 5,300 euros per minute of failure. When you calculate what it means in just one hour, the amount rises to a staggering 318,000 euros. Such costs can arise, for example, from production line stoppages in industry, malfunctions of vital equipment in healthcare, or in larger organizations from situations where commonly used communication systems, such as email or instant messaging solutions, are not available. This prevents employees from performing their tasks at least partially and can lead to significant production losses. The above is complemented by the IBM 2023 study, according to which the average cost related to data breaches is 4.25 million euros, which is a 15% increase compared to the situation three years ago.
Protect your organization by increasing operational readiness
I am the CEO of Secapp Oy, Doctor of Information Technology, Kari Aho, and I will introduce a few main points regarding cyber and hybrid threat preparedness and the basics of crisis communication. At Secapp, we have been working with the private sector, authorities, and public administration for more than ten years on issues related to preparedness, critical communication, and alerting, and we produce related SaaS services. Last year, more than 10 million alerts were sent using Secapp related to various emergency situations.
When discussing cybersecurity and possible cyber attacks, our thoughts often go to technical solutions and protection mechanisms, which are of course an important part of the whole. However, people’s preparedness and operational readiness play at least an equally important role: how an individual person, organization, and the necessary stakeholders act when a crisis occurs. What general operating instructions are related to the situation? How do you reach people and ensure reachability regardless of the time of day? What backup arrangements are followed when normal operating methods or systems are not available? Who takes the lead and directs the operations? Who is responsible for communicating the situation to other stakeholders or the public? When and how is information collected and updated? Who decides the measures to be taken, or decides when the emergency is over and normal operations can be resumed?
However, the unfortunate fact is that 51% of organizations still plan to increase investments in preparedness, training, and necessary tools only after a threat has once materialized. Here is a short checklist of five points about what kind of things, in addition to technical tools and protection mechanisms, should be considered as part of preparation:
1. Plan in advance:
Human errors and forgetfulness occur easily in crisis and disruption situations, so plan necessary instructions and, for example, messaging groups for different situations in advance. In this way, you ensure that all essential people receive the correct information in real time during a crisis and know how to act as the situation requires.
2. Ensure reachability:
Ensure that people can be reached, and that contact information is up to date, regardless of the communication device or technology they use. Some still have the old Nokia, while others have the latest smart device. You don’t necessarily have the emergency phone on the home sofa with you either, even if it’s important to always be within reach. In the event of a disruption, you cannot always rely on all technologies working, so please consider possible backup numbers or contact methods beforehand. Remember to also process contact information safely, so that it does not become available to third parties.
3. Ensure that only relevant people can access information:
The content of communication can be very sensitive, and it ending up in the wrong hands can cause, for example, dangerous situations or reputational damage. Ensuring the flow of information, creating a situational picture, and documenting the situation are, however, of paramount importance in resolving the situation. So, double-check where your data is located and ensure that only the relevant people have access to it. If management is not centralized or automated, an outsider such as an ex-employee might get involved, or conversely, someone essential to the operation might be left out.
4. Find out how processes can be automated:
Every second counts in crisis situations. Technology should not consume those precious seconds, but instead, things should happen in the simplest way possible, either automatically or at the press of a button. Therefore, explore the possibilities of which processes or operational methods could be automated or speeded up, so that key personnel have time to focus on solving the crisis situation at hand instead of being on the phone, for example.
5. Remind, practice, encourage:
Repeatedly remind people of the agreed guidelines, practice, and encourage people to give development ideas for improving crisis management. This way, the operating models remain fresh in memory and are constantly taken to a more advanced direction.
Although technology is a key part of preparedness, people’s actions, communication, and cooperation are at least as important. Organizations must understand both the technical and human perspectives, and they must be trained and equipped with the right tools and protocols to operate efficiently and securely. From the point of view of tools, Secapp is an example of a modern solution that helps develop preparedness and brings effective tools for fast multi-channel reaching of people. One of our customers has even said that Secapp reduces the time needed to reach people by up to 90%. I can say that I am proud of how Secapp helps make the world a safer place. Every second really matters.