In today’s world, technology is everywhere around us. With all this digitalization, the risk of cyber attacks is also increasing. And, cyber attacks are actually impossible to prevent. Sooner or later, your organization will also become a direct or indirect victim of a cyber incident. Do you actually know what to do when that happens?
This is where the Cyber Boost Session from the CCRC can provide valuable input. During the 3-hour interactive Cyber Boost Session, participants learn, together with cyber experts and other entrepreneurs, how to act during a cyber crisis.
But, what actually happens during a Cyber Boost Session and how is it relevant to your organization? In this blog, we share some lessons learned from a Cyber Boost Session during Hâck The Hague on October 2.
Structure of the Cyber Boost
During this session, CCRC welcomed over 25 participants in the beautiful council chamber of the municipality of The Hague. We started with a plenary session about the current context in cybersecurity, the hacker journey, and the victim journey. Afterwards, the group was split into smaller groups to manage a fictional crisis under time pressure (just like in a real crisis!).
Lessons Learned
- Times of crisis call for openness and transparency → although there was some initial caution among the participants, the ice was quickly broken due to the crisis situation and the feeling of time pressure and stress. It's great to see how a group of people who have just met can immediately work together so intensively and be open when there is a common goal. The participants themselves were also surprised at how much they achieved in a short time as complete strangers.
- Crisis management is not just an IT party! A cyber crisis is much more than an IT problem. The majority of crisis management focuses on coordinating many disciplines such as internal and external communication, HR, Finance, and Operations.
- Even if your organization has everything in order, it doesn't mean your suppliers do too. This means you can still end up in a crisis that you have to manage.
- In a cyber crisis, the human aspect should not be forgotten. It can have a tremendous impact on responsible individuals or those involved in the crisis; there are some known cases of PTSD in people who had to manage a cyber crisis.
- It's important not to be dependent on one supplier → if they are affected by a cyber incident, the impact on your organization's business continuity can be disastrous.
The Cyber Boost Session shows that starting with cyber exercises doesn’t have to be complicated. In just three hours, the participants went home with concrete tools and action points for their own organization.
If you want to experience a Cyber Boost Session with your organization or your chain partners, click here for more information. If you want to start practicing yourself, check out our handbook containing all the information for setting up a cyber exercise for your organization.