Emotional Stages of a Data Leak: How to Deal with Panic, Anger, and Guilt

This usually happens on Friday afternoon, around 4 or 5 pm. Administrators and security experts get a message that something strange might be happening, and a quiet afternoon turns into chaos.

Data leaks and other security incidents tend to strain the nerves of everyone, from the teams trying to solve the problem to key stakeholders. All of them can experience a wide range of feelings, including denial in the first moments, followed by obvious panic, anger, anxiety, and sometimes guilt. Heart palpitations, sweating, shaking, or nausea are not uncommon, and these events can even cause mental health problems.

"I've had admins who have broken down and left," says Peter McKenzie, director of the incident response team at Sophos.

And not only them. "These emotions can go viral and spread throughout the organization," says Dr. Patrick Stacey, who published an article on employees' emotional reactions and responses during a cyberattack. As stress builds, senior managers and board members tend to become irritable, putting pressure on technology professionals to address the issue quickly, CSO writes.

This kind of pressure never works, says Michael Schoeberg, a crisis management expert who worked in the Danish army and is now a ransomware negotiator. "The more tense the situation seems, the more we humans tend to react and act without thinking," he says.

How an organization handles cybersecurity incidents can decide its fate, so technology professionals and stakeholders must always make the right decisions. Staying calm and focused is very important not only during a crisis, but also before it starts. The chain of emotions can start much earlier.

Frustration may appear even before the data leak

Security professionals and administrators who protect organizations often feel like Sisyphus, rolling a huge boulder uphill, which rolls down every time at the last moment. Often, they can't even get employees to follow simple rules, such as using unique passwords or installing the latest updates.

They also have trouble convincing the board that security is important. According to a survey conducted by Lastline during the RSA 2019 conference, 98% of security experts said that they do not have enough funds to buy services and equipment and implement the necessary policies. In addition, 23% claimed that it would take a successful attack on their organization to get managers to offer sufficient financial support.

While administrators and security professionals know what needs to be done to keep an organization safe, they don't seem to be able to convince anyone to listen to them. Therefore, there may be "an atmosphere of frustration and frustration among security personnel because they are constantly being deceived," says Dr. Stacey.

Even though they have given many warnings, when a breach actually occurs it is administrators and security personnel who suffer the most. The "I told you so" moment is followed by anxiety, fatigue, and sleepless nights.

Chain of emotions after a security incident

During an incident, events move very quickly, and the technicians involved tend to experience a mix of emotions, including initial shock, followed by denial, guilt, anger, panic, fear, or anxiety. "Even if you're ready for it, the brain tends to shut down," says Schoeberg. "The more tense the situation seems, the more we humans tend to react and act without thinking."

The first few hours of the incident are chaotic. McKenzie calls them the "chaos phase." "You get pure blind panic when [people] start ripping out the power cables, shutting everything down, and shutting down the internet for the whole world, because they have no idea what to do other than they should just stop everything," he says.

Some administrators and security professionals may somatize during these unbearable hours, converting psychological distress into physical symptoms. McKenzie recalls one case where a small town in the United States was attacked by the Conti ransomware. The admin who was on the phone said they had backups, but then went to check them. McKenzie heard silence for a moment. "Then I heard him throw up in the room," he says. "The backups are gone, they've lost all the court system data or police records, everything is gone. They didn't have anything."

Pulling out power cables and experiencing physical symptoms is a natural reaction to something serious. These are all human reactions to stress. "The realization that people were not only on your network, they were stealing data from your network, they were destroying material from your network not just for your business, but for customer data or police records, hospital records," McKenzie says.

Schoeberg adds that some administrators and security experts may feel the need to fix things immediately. This is usually a bad decision. "[Often] it's not that they're doing something wrong, it's just that some things may be more important than others," says Schoeberg. Instead of acting, he recommends that they contact the person responsible for crisis management.

The mix of emotions experienced in the first hours of an attack can also include anger, sometimes directed at the security vendor who provided the security tools that were supposed to prevent incidents. Anger can also be directed at the attacker, especially if the victim is a hospital, municipality, or small store, such as a bakery or flower shop.

There may also be feelings of guilt, often due to negligence. "They realize they didn't pay attention to the warning signs," McKenzie says. There are always tools that should be updated or better managed.

Some administrators and security professionals can't handle the stress. The hospital administrator McKenzie helped disappeared for three days after the incident because he wasn't prepared for such a disaster. Then he came back and continued working.

Security incidents can have long-term consequences for employees' mental well-being if stress is not handled properly. Fortunately, psychologists have long been exploring ways to help us deal with stressful situations, and the U.S. Army also has several methods that technology professionals can use.

Tactical breathing and slow breathing

As a specialist in crisis management, Schoeberg has often found himself in tense situations. One exercise that helped him along the way, called tactical breathing or combat breathing, is used by military, firefighters, and law enforcement officials to reduce stress in dangerous situations.

"When you use tactical breathing, you inhale while counting to four, hold your breath while counting to four, exhale while counting to four, and wait while counting to four," he says. When performing this exercise, you need to breathe deeply through the diaphragm, adds Schoeberg.

A recent study published by experts from the Department of Military Psychology Research of the German Armed Forces in Bonn showed that tactical breathing can be most effective during passive coping, when we expect a difficult or threatening situation, and there is no other choice but to face the source of stress.

Meanwhile, during active coping, simpler techniques may work better. These include long exhalation and slow breathing. A long exhalation means a normal in-breath but a slow out-breath, while slow breathing requires only about six breath cycles per minute, as opposed to the usual 12-14.

When we breathe more slowly, we tell our body that everything is fine. These techniques tune the parasympathetic nervous system, which regulates the body's unconscious actions. Doing these exercises can slow down your heart rate, relax your muscles, and lower your blood pressure.

The brain is the most complex organ in the body, and we have yet to learn how it actually works. However, a study published in 2017 by Kevin Yackle of Stanford University School of Medicine and colleagues found that mice have a tiny cluster of neurons with multiple functions: they seem to regulate respiratory rhythms, and they also interact with the brain stem region responsible for stress and panic, the locus coeruleus (the "blue spot"). When the researchers removed several of these neurons, the mice were more likely to experience periods of calm, but they also became less interested in exploring new environments. Other studies have shown that changing the way you breathe can affect the dorsomedial prefrontal cortex and amygdala, both of which are involved in managing stress and negative emotions. In addition, controlled breathing can lead to lower cortisol levels.

Training and planning for cyber attacks

If you don't like breathing techniques, another idea to avoid overwhelming emotions is to prepare for attacks in advance. These exercises should ideally be conducted by someone outside the organization, but should include everyone, not just security experts.

"Executive management should participate in at least an annual crisis management workshop," says Schoeberg. "I've seen it so often that the CEO or CFO ends up not wanting to participate in crisis management trainings because it's too difficult and they tend to lose out during the trainings."

To prevent this, the workshop should focus on teaching people how to use the tools, rather than testing crisis management plans. "You should never train staff if you don't give them the answers in advance," says Schoeberg.

This training can also help administrators, security researchers, and stakeholders feel that they did everything possible to prevent an incident, which can ease their feelings of guilt. Other strategies to deal with this emotion include apologizing and making amends, replacing negative self-talk with self-compassion, and learning from past mistakes.

Exercises like these can help both individuals and organizations become more mature, which can help them respond better during events and filter emotions more effectively. Plans for potential cyberattacks may also come in handy. "When you have a mature process, a documented way to deal with a security-related incident, you can let your emotions run high because you don't have to act subjectively," says Almerindo Graziano, CEO of Cyber Rangers. "These are the rules, these are the best practices, these are what you do."

Graziano also suggests that more competitive professionals could capitalize on the situation, turning disaster into opportunity: "Prove how well you can stop attacks or hunt down a threat!"

While all of these emotion filtering strategies may work for administrators and security experts, another category needs to learn how to better manage stress: stakeholders.

Stakeholders influence the course of a cyberattack

Senior managers and board members are under pressure during a cybersecurity incident. Their company may lose billions of dollars, and its reputation may also be damaged. During the incident, stakeholders have to face angry customers whose personal data was posted online and business partners affected by the attack.

There are generally two types of stakeholders: those who get angry at critical moments and pressure security experts to fix the problem, and those who show empathy by providing support to those who are working to get things back on track.

Needless to say, angry stakeholders make things worse. They need to take a step back, realizing that they are "probably the most incompetent people in the room," says Schoeberg.

McKenzie adds that security experts may be missing something if they have to act in a hurry. "When there is such pressure, mistakes are made, because [security experts] tend to focus more on recovery than on forensics," he says. "You need to understand how the attack occurred, not only so that you can improve your security in the future, but also to make sure that attackers are still not on your network."

By contrast, supportive leadership can help resolve the crisis. Dr. Stacey recommends that senior managers ask the team what they can do to support their efforts. "It's important for senior management to show such empathy, because emotions can pull people down; they can also elevate them and motivate them," he says. "It's a matter of trying to manage the system and people in such a way that we can always turn it into a positive drive, not a reverse one."

His student Omotolani Olowosule adds that the critical phase of a security incident is not the time for "blame games" and that organizations should support their employees. When administrators and security experts don't feel the need to protect their reputations and are confident that whatever happens, they aren't left to deal with it alone, they can come up with innovative ways to solve the problem.

"Emotions don't move on their own," says Olowosule. "I would react positively if I found myself in a very comfortable environment where my opinion is appreciated. OK, I screwed up, I may have done something really bad for the company, but that doesn't mean I should take the blame."

However, calming an angry senior executive is more difficult than helping a security engineer relax.

Reassuring management during a cybersecurity event

During the tense moments of a data breach, external consultants spend a lot of time trying to calm down nervous managers. "We have to take on the role of the shoulder on which to cry to some extent, to help them cope with all these feelings," says John Prieto, an incident response consultant at Mandiant and a former cyber warfare operator in the US Air Force.

He says communication and transparency are crucial because everyone needs an indicator of the progress of an investigation. "Put it bluntly: this is what we've seen evidence for, this is what we haven't seen evidence for, and just let the evidence speak for itself," he says.

Prieto adds that each person learns information differently. Some people are very practical, while others like to receive written or oral reports, so he tries to use all forms of communication. However, he says that spending a lot of time talking means working less on solving the problem.

With this information, an external consultant can more effectively calm an angry manager, says Schoeberg. He often takes the manager outside the meeting room, conducts an anti-stress debriefing, and explains how things can get back on track.

Giving everyone the opportunity to stay calm is crucial in dangerous situations. "We can use all the tools we need in the world on-site, but if a person doesn't have the stamina to use them, getting results will still be very difficult," says Dr. Stacey.

Author: Andrada Fiscutean
 