Cyber & IT Supervisory Forum - November 2023

may be over ‐ exaggerated. Because the organiza Ɵ on has absolutely no control over this type of scenario, procedures for monitoring and pos Ɵ ng to tradi Ɵ onal social media accounts (I.e., Facebook, Twi Ʃ er, Instagram) should ideally be in place and followed during an incident. This is necessary to get ahead of any incorrect informa Ɵ on or a Ʃ empts by upset external (or even internal) par Ɵ es to exaggerate the situa Ɵ on or smear the organiza Ɵ on. In addi Ɵ on, the organiza Ɵ on must be prepared to address “hyper ‐ local” social media outlets such as Nextdoor Neighborhood, Facebook Neighborhoods, Ci Ɵ zen, etc.). These newer, community ‐ based media accounts are o Ō en overlooked when an organiza Ɵ on implements a social media monitoring program but can be equally as damaging as more tradi Ɵ onal social media accounts, which rely more on “friends” and “shares” to spread informa Ɵ on. Hyper ‐ local media applica Ɵ ons are typically ac Ɵ ve around the ac Ɵ ons of a “community” of users using bulle Ɵ n board ‐ type forum and may be driven by frequent posters whose views and opinions are generally viewable by anyone on the forum, regardless of whether the individual poster is “followed” or “friended.” And, as men Ɵ oned earlier, posts from these individuals may be ill ‐ informed or driven by sensa Ɵ onalism. While social media monitoring might sound like a minor aspect to the organiza Ɵ on’s incident response planning, a recent study of fi nancial ins Ɵ tu Ɵ ons a ff ected by real ‐ world ransomware a Ʃ acks suggest that it is a primary concern of signi fi cant importance. The consequences of failing to address any disinforma Ɵ on discovered in media (I.e., newspapers, TV, or radio), as well as tradi Ɵ onal or hyper ‐ local social media, can be signi fi cant. In the banking world we think of deposit withdrawals, capital erosion, and liquidity crises when we think of out ‐ of ‐ control rumors and disinforma Ɵ on. However, in the nonbank space, the main poten Ɵ al impact of such disinforma Ɵ on might be the immediate loss of customers and damage to the brand and the organiza Ɵ on’s reputa Ɵ on. And in a compe ƟƟ ve marketplace, these complica Ɵ ons might be di ffi cult, drawn out, or even impossible to recover from. Any decision to issue a “preemp Ɵ ve” or reac Ɵ ve media pos Ɵ ng on social media or through tradi Ɵ onal media outlets must be made with very careful considera Ɵ on. Such decisions will largely depend on the nature of the organiza Ɵ on, the expected length of degree of impact to the organiza Ɵ on and its customers, and the nature of any exis Ɵ ng public knowledge or percep Ɵ on of the incident itself. There really is no de fi ni Ɵ ve answer to this ques Ɵ on, as it truly will depend on these factors a ff ec Ɵ ng the organiza Ɵ on. A short ‐ term incident with limited impact on opera Ɵ ons and an expected quick turnaround may not warrant any sort of formal communica Ɵ ons (other than any required communica Ɵ ons to a ff ected customers). However, a longer ‐ term incident impac Ɵ ng opera Ɵ ons for an extended period may jus Ɵ fy preemp Ɵ ve messaging. In either case, an organiza Ɵ on would be well ‐ advised to monitor media sources frequently to ensure that the organiza Ɵ on can address any public knowledge of the incident as it arises. As an

19