How To Prepare For A Cyber Crisis

Uploaded on 2022-09-07 in TECHNOLOGY--Resilience, FREE TO VIEW

Organisations have varied ways of dealing with crises - cyber attacks or otherwise. As a result, some are overcome with chaos and disorder, whereas others display professional composure and can rise to challenges.

Those able to withstand an attack are often prepared, have a preventative plan ready and have maybe even rehearsed a similar scenario. In contrast, relying on false reassurances that a business will cope during a serious cyber attack can lead to potentially severe consequences later.

Having led a global manufacturing organisation through a cyber attack, here are some of the ways I think an organisation can prepare for a cyber crisis. 

Grasping The Potential 

Crisis preparedness can make all the difference between surviving an attack and suffering the consequences, but we often underestimate the possible reach of an incident. From my own experience, the first step to being prepared is ensuring all employees can fathom what a crisis would mean. All the competence, processes, and creativity you have as an organisation is required instantly and to the highest degree. It’s like having to participate in the Olympic Games. That’s quite a step up from a local race and that even assumes that you have been training and competing at all. 

The key differentiator between cyber crisis and general crisis preparedness is that, firstly, it involves an adversary actively trying to cause harm. It is distinct from an earthquake or a flood in that your adversary is trying to inflict as much damage as possible during a period of time.

A cyber attack is not necessarily a one-off event but rather involves having to predict the attackers' potential next step.

Secondly, a cyber crisis can hit a company with much broader prospects than an ordinary crisis. Whereas most crises are limited geographically or concentrate on a few departments (e.g., legal), a cyber attack can spread to all departments concurrently and globally within seconds or minutes; something for which organisations need to account.

Common Challenges Of Cyber Attacks

1.    Most of the time, businesses struggle with preparing and responding to a cyber incident because they consider it a one-off event they can repair. 

2.    In cyber crime - to be specific, ransomware - the same actor and malware that attacks one company might have a completely different impact on another. It can cause severe operational, reputational, or financial stress and should, therefore, all be treated with the same caution.   

3.    Cyber crisis preparedness plans are often mistaken for a business continuity plan when in reality, they are not the same. A business continuity plan is absolutely needed but will be insufficient to deal with data theft or criminal gang intent such as extortion. 

How To Evolve A Crisis Response

The first few hours and days into a crisis are the most important. Immediate support allows the business to continue communicating with consumers and keep business operations running. However, it is practically impossible to have the same people who fix your systems also spearhead the critical operations while the attack is ongoing.

And what's more, it is also essential to start thinking about long-term plans such as rebuilding and recovering for the future in a safe way. 

Before an attack occurs, companies must ask themselves how they can best prepare for the different stages of a crisis, as it leaves an opportunity to emerge from an attack stronger. Cyberc security professionals and business heads should convene and discuss the impact a cyber attack can have on the business and which parts are most critical.  Executive management must also consider cyber crisis preparedness a high priority. 

Testing Preparedness

The first step in testing how prepared the organisation is in the event of a cyber attack is by identifying the crown jewels such as assets, business processes, and reputation. Business leaders must then predict in various credible scenarios how an attack can impact them. It is critical that these scenarios are as detailed, relevant and plausible as possible. (And even though a ransomware attack is an obvious scenario for all global businesses, do not regard it as the only one.) 

The second step is creating a playbook on how the organisation plans to respond and ensuring critical roles are allocated to the right people, both internally and externally. For example, do you have an incident response retainer on standby with a trusted partner? 

Finally, companies need to practice the playbooks. It is important to remember that tests and fire drills are not only litmus tests for preparedness but eye-openers for areas of improvement. 

Justifying Your Plans

Overall, crisis preparedness is about minimising the consequences of an attack as quickly as possible and maintaining business continuity. Though you hope it never comes to a cyber attack testing your preparations, your work can help improve the organisation's general crisis preparedness and vice versa. 

Both business and operational teams must come together and practice their playbooks, acting out plausible scenarios to ensure the drills are accurate. Organisations with robust crisis management programmes are more resilient and more likely to prevent a crisis from becoming a catastrophe. 

Jo De Vliegher is Client Partner at ISTARI

You Might Also Read: 

Cyber Insurance - Making The Ransomware Crisis Worse:

 

« Google Issues A Warning To Gmail Users
CIO & CISO Visions Leadership Summit - 9th to 11th October »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Acumin Recruitment

Acumin Recruitment

Acumin is an internationally established Cyber Security recruitment specialist.

GFI Software

GFI Software

GFI Software works with System Administrators, IT Professionals and IT Executives to ensure that their IT infrastructures are monitored, managed, secured and compliant.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

Tymlez Software & Consulting

Tymlez Software & Consulting

Tymlez Software and Consulting is a start-up specialised in blockchain technology for enterprises.

CERT-PH

CERT-PH

CERT-PH is the National Computer Emergency Response Team and the highest body for cybersecurity related activities in the Philippines.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Liquid Technology

Liquid Technology

Liquid Technology provide DOD- and NIST-compliant data destruction and EPA-compliant e-waste disposal and recycling services throughout North America, Europe and Asia.

Practical Assurance

Practical Assurance

Practical Assurance helps companies navigate the rough terrain of information security compliance.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Semgrep

Semgrep

Semgrep is a fast, open-source, static analysis tool for profoundly improving software security and reliability.

NMi Group

NMi Group

NMi Group is a global pioneer in mission-critical Testing, Inspection, Certification, and Calibration (TICC) services.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.