Because the attack affected customers, Pavlykevych met right away with their infosec teams, providing ongoing briefs on progress, incident investigation, and recovery “to ensure transparency and accountability,” an essential part of SoftServe’s cybersecurity ethos, Pavlykevych says, noting that this approach strengthens trust with stakeholders.
After the ransomware attack, SoftServe reviewed and audited its security controls, which eventually led to an improved approach to file storage and sharing of personal and client data, as well as security and privacy awareness workshops for associates. Addressing the underlying issues that led to the breach and enabled it to advance is vital — but not through finger-pointing.
IDC’s Grover says that despite the CISO’s best efforts, there will still be reputational harm from a cybersecurity incident. Rebuilding trust after a cyberattack can be challenging but is essential.
“If you take all the right steps in the right direction, you can reverse this brand image,” Grover says, adding that CISOs may want to consider the expertise of a PR agency or consulting firm to assist with this task.