Limit the damage during a cyber attack: use the CCRC First Aid Crisis Guide!

In today’s digital world, the question is not if your organization will face a cyber crisis, but when. Cyber breaches can have devastating consequences, from data loss to reputational damage. However, you can significantly limit the damage by responding quickly and appropriately as an organization. The first hour after a cyber attack, also known as ‘The Golden Hour’, is crucial. During this period, well-prepared organizations can make a difference by acting immediately and purposefully. In this blog, written by one of our cyber crisis experts, Kelvin Rorive, we guide you through a fictitious cyber crisis and show you how to effectively use the First Aid Crisis Guide to limit the damage and manage the crisis.

The CCRC Crisis Guide in Practice: An Example

Imagine yourself in the following situation…
It is a calm Tuesday morning when suddenly the IT department of our fictional organization, TechNova, receives reports of suspicious activities on the network. The systems start to respond slowly, and several employees can no longer log in. It quickly becomes clear that TechNova is the target of a ransomware attack. Immediately, TechNova begins to manage the crisis, with the CCRC First Aid Crisis Guide in hand.

Step 1: Assemble a Crisis Team

TechNova appears to be well-prepared and immediately summons the pre-selected crisis team. Thanks to clearly defined roles and previously conducted exercise scenarios, everyone knows exactly what their responsibilities are.

Step 2: Securing Systems

The first priority is securing the systems. In a panic, some employees might want to shut down the systems, but the guide warns that this can lead to the loss of valuable data. Instead, the team only disconnects the network connections and ensures that all backups are safely secured and disconnected from the network. Log files are also secured for forensic investigation.

Step 3: Communication

Effective communication is crucial during a crisis. The guide recommends establishing a central communication point and adopting a proactive approach. TechNova’s communication expert ensures that all information is relayed through the crisis team. Employees and customers are promptly informed to keep them updated and prevent rumors. Additionally, the media are informed to counteract speculation.

Step 4: Calling for External Help

TechNova has prearranged agreements with an incident response company. Because these contact details are well documented in the guide, they are quickly found. This company is immediately contacted for assistance. Their expertise helps in swiftly getting the attack under control and restoring business operations as quickly as possible.

Step 5: Evaluation and Recovery

With the help of external experts, TechNova gains control over the situation. The recovery process is initiated, ensuring that all systems are thoroughly checked and clean before coming back online. Although the recovery takes several weeks, valuable lessons are learned from this crisis.

After the crisis, TechNova conducts an evaluation to document what went well and what could be improved. Key points emerging from the evaluation include:

  1. The Crisis Guide: A valuable tool to ensure that important matters are not overlooked.
  2. Communication: Although it was clearly stated that all communication should go through the crisis team, an employee spoke to a journalist and provided information without consulting the crisis team. As a result, the crisis team spent a lot of time answering the questions that followed. It is important to make it even clearer to employees that all inquiries about major incidents must always go through the crisis team. In future crises, the crisis team will communicate more quickly about who within the team can be reached to speak to the press.
  3. Training: Regular drills and training with the guide can significantly improve the team’s preparedness. By simulating and practicing scenarios, the following are achieved:
    • Familiarity with the procedures is increased;
    • Response times during real incidents are improved;
    • Potential weaknesses in the current procedures are identified and improved.
  4. External help: Making prior arrangements with external specialists can be crucial in times of crisis. The benefits of this include:
    • Faster access to specialized knowledge and skills;
    • The ability to quickly engage external help without time loss due to negotiations or contract agreements during the crisis;
    • Ensuring a coordinated and efficient response to the attack.

Cyber crisis? Don't panic! Download the Crisis Guide.

Want to better prepare yourself and your organization for a cyber attack? Download our handy ‘First Aid Crisis Guide’. This guide takes you step by step through the preparation process and provides practical tips and advice to minimize the damage from a cyber attack.

Cyber crisis expert: Kelvin Rorive