The ongoing importance of practice: new scenario for stronger crisis response.
FI-ISAC and the Cyber Chain Resilience Consortium (CCRC) have jointly developed a new scenario for Cyber Crisis Response. The scenario provides in-depth insights into the complexity of cyber crises and focuses on the specific challenges faced by organizations that rely on shared infrastructures and systems. It offers organizations practical tools to better prepare for future crises.
FI-ISAC is a collaboration of all Dutch banks aimed at sharing and analyzing security threat information to better ensure the reliability of the financial system.
The scenario was also put into practice during a successful Cyber Crisis Response exercise. conducted with about 25 participants from various financial organizations. The scenario was received very positively by the participants.
A crisis exercise under high pressure.
During the Cyber Crisis Response exercise, a severe cyber attack on a critical supplier was simulated. From the very beginning, participants found themselves in the midst of the action: critical services were down, teams had to react quickly, and the pressure of time was palpable. Every decision could have significant consequences for the sector. How do you ensure that everyone receives the right information? When should you escalate? And how do you communicate effectively with other financial institutions while the situation is constantly changing?
The exercise was a real stress test for the participants. As one of them said: “You know that there is pressure on the system, and that makes it so valuable. It shows you how quickly a situation can escalate and how important it is that we can trust each other as a team and as a sector.”
The participants worked through the scenario in various phases, emphasizing the importance of situational awareness, the swift escalation of incidents, and the accurate sharing of information. The co-chair of FI-ISAC summed it up well:
“An intensive session that taught us that elements such as situational awareness, knowledge, the importance of escalation, and information pathways and communication are crucial. Most participants are very familiar and experienced with crisis exercises. However, it remains essential to practice and continuously improve procedures, communication, and collaboration.”
It provides a deeper insight into the complexity of cyber crises and focuses on the unique challenges faced by organizations that rely on shared infrastructures and systems. With this scenario, organizations receive practical tools to better prepare for future crises involving shared services.