Companies that fall victim to cyberattacks and data breaches often come in for criticism, but one of the best things an organisation can do to ensure it remains protected against the impacts of a hacking incident is to take advantage of the expertise of cybersecurity professionals who've faced a major attack.
A new research paper by Symantec and Goldsmiths, University of London surveyed over 3,000 CISOs and found that just over half believe that learning from failure is an important part of the process for improving corporate cybersecurity measures.
However, when it comes to actually sharing information about experiencing the fallout of falling victim to a cyberattack, the survey suggests that information security professionals struggle.
Just over half of respondents (54%) said they don't discuss breaches or attacks with peers in the industry, while over a third of those surveyed (36%) said they fear that sharing information about a breach or attack on their organisation would negatively impact their future career prospects.
"Cybersecurity professionals continue to play their cards close to their chest and remain hesitant to engage in communication with other like-minded organisations," said Chris Brauer, director of innovation at Goldsmiths and lead researcher of the Tackling Cyber Security Overload in 2019 report.
However, the research also found that living through a breach changes the mindset of security professionals – and often for the better, making them less worried about the impact of an attack or experiencing burnout that might result in them leaving the industry.
Being equipped with the experience of having been through it before can provide benefits not only for setting up systems to prevent damaging attacks, but the processes required if an organisation does fall victim to hackers.
Rather than viewing staff who've worked at organisations that have suffered a cyberattack as having failed to do their job, other organisations should be actively seeking out these people to learn from them – even to the extent of hiring them for their own security teams.
"Senior members of security staff who've worked in organisations which have had a major, publicised breach, that can be seen as a negative – somehow individuals can be tarnished with that. That's probably the exact opposite to the way to how the industry should be thinking," Darren Thomson, CTO EMEA at Symantec, told ZDNet.
"Someone who has lived through one of these incidents and been through the whole process, recovering from the bad experience then implementing additional security and privacy measures: that knowledge and experience is valuable and it's good to have someone with it," he added.
This is especially important because not only do cyber attackers continue to conduct successful campaigns, such is the prolific nature of attacks, it's often a case of when, not if an organisation falls victim to hackers.
It's therefore important for organisations to have a good resilience and recovery programme and, by employing someone who has worked on one that has been successfully field-tested, it could help bolster an organisation's reaction to a cyberattack.
"If you want to build a resilient organisation, wouldn't it be better to recruit a team of people who've lived this stuff rather than someone who hasn't got that experience or developed best practices in reaction to a breach occurring?" said Thomson.
"Assuming they were doing the right things and, yet a criminal got the better of them, if they can prove their resilience and what happened as a result of that, what best practices they developed, what steps they took to improve, that's invaluable experience and those are the people we should be looking for," he added.
MORE ON CYBERSECURITY
- Ransomware: The key lesson Maersk learned from battling the NotPetya attack
- 7 tips for CXOs to combat cybersecurity risks in 2019 and beyond TechRepublic
- How learning from hackers can protect us from cyber attacks
- Data breaches can sucker-punch you. Prepare to fight back CNET
- Two cybersecurity myths you need to forget right now, if you want to stop the hackers