What to Do in Case of a Cyber Attack?

Every public or private entity must prepare for the possibility of a cyber attack. A guide dedicated to cyber crisis management, prepared in collaboration with the Club of Security and Safety Directors of Companies, offers 18 practical sheets covering everything from preparation to crisis management, including communication and simulation.

It proposes 18 practical sheets intended for each of the actors at the strategic and operational levels of organizations. Its objective is to allow “the entity to work in a transverse way in case of cyber crisis”.

250% More reports about cybersecurity and internet threats

As a preamble, Yves Verhoeven recalls that cyber attacks are increasing sharply. “Over the year 2020, the number of cyber crises has increased by nearly 250%,” he says. He adds that there are “two types of organizations”: “those who have already been victims of a cyber attack and those who will soon be”. Hence the importance for each entity – public or private, large or small – to prepare for the possibility of being hit by a cyber attack.

This guide proposes a list of cybersecurity tools as well as the best practices and recommendations to prepare and manage a cyber attack step by step. It is not only addressed to the people in charge of IT security but also to the whole entity including individuals and businesses, and in particular those involved in the “decision making process”.

Compared to other crisis scenarios, cyber crises have the particularity of a double temporality, with immediate impacts and a long remediation process that can extend over several weeks or even months, as well as the absence of a single location. They also involve uncertainty about the scope of the compromise and the difficulty of understanding the hacker’s objectives and attributing the origin of the cyber attack.

Know and control your IT system

First, entities must build a resilient crisis organization, allowing them to limit the impacts of the crisis, maintain the confidence of the ecosystem, prioritize and maintain the affected activities in a degraded mode. In practice, they must know and master their information systems in order to be able to assess the extent of the impact of the attack on the organization’s perimeter.

The guide therefore advises having a list of critical applications and services, a system map, a list of IS interdependencies, a cybersecurity policy for retaining web application and network logs, and an information flow matrix.

In addition, organizations must be able to maintain their most critical activities – possibly in a degraded mode – and to restart them in a controlled manner in order to limit the impact of the crisis. To do this, it is important to have in place methods and operational means adapted to cyber crisis scenarios. The guide recommends that cyber and IT teams work to educate business units so that they take the cyber impacts into account and adapt their practices.

In addition, the “communication” aspect must be carefully taken into account because a cyber crisis can affect the reputation of a company. Communication must be integrated into the cybersecurity analysis, including the crisis management process, to support teams in alerting and advising stakeholders (customers, suppliers, media, authorities, etc.) as soon as possible and to preserve business trust and reputation.

Activate cybersecurity support network

Once an attack has occurred, the entity must activate its cybersecurity analysis system and then manage it through a strategic cell whose composition must be determined in advance. Support networks, such as insurance companies, must be activated by the victim entities so that they are supported in managing the system or network crisis.

Once the heart of the crisis is over, the organization must modify its practices so that a cyber attack does not happen again. A pedagogical effort is necessary to explain, at all levels, the sometimes profound changes that will be made to avoid a new compromise of the systems and to exit the crisis.