How to become a cyber resilient organisation

Kawther Haciane, Project Executive, IBM Security Services, Middle East and Africa, writes why cyber resilience is a top business priority in today's dynamic threat landscape


2017 saw not only several large-scale cyberattacks, including WannaCry, NotPetya, and BadRabbit, but also breaches of reputable organizations. All of these attacks have generated billions in losses in all sectors across the globe.

The question is no longer “Am I going to be the next target?” but rather “When I get hacked, will I be prepared?” In other words, “How to become a cyber resilient organisation?” This is a reality that we all need to accept.

A cyber crisis can have major consequences for organizations such as costly drawn-out litigations, distracting regulatory actions, trickle-down operational disruption, impaired strategy execution, and increased insurance liability, all of which diminish corporate value.

Preparing for, responding to, and emerging stronger from major crisis events becomes vital. To do so, organisations need to develop crisis management reflexes by regularly running crisis simulation exercises.

Here are some recommendations:

Incident or crisis? What’s your response strategy?

A cyberattack does not necessarily create a crisis. It can be key to start defining your response strategy: “What are the crisis triggers?”, “When would an incident become a crisis?”, “How would you lead?”, “How would you prioritise?” and “How would you communicate during incident response and crisis management?”

Organisations must develop their risk-based response strategy based on their business and operational responsibilities. A sound strategy frames a cost-effective, well-resourced, organization-wide approach to addressing cyber incidents.

Invest in technologies

Organisations must invest in incident-response technologies such as automation, machine learning, artificial intelligence and orchestration that will help address the increase in the severity and volume of cyber-attacks.

From a risk and compliance perspective, it is crucial to have forensics capabilities in order to perform a structured investigation, maintain a documented chain of evidence, and find out exactly what happened.

Mobilise your corporate crisis team

To effectively manage a cyber crisis, it is necessary to define a Corporate Crisis Team with clear roles and responsibilities. Generally, this includes a Crisis Manager, a CISO, a Public Affairs Advisor, a Legal Advisor, a Corporate Risk Advisor, a Medical Advisor, a Human Resource Advisor, and a Health, Safety, Security, and Environmental Advisor.

A crisis can occur at any time. It is, therefore, important to prepare all members of the Corporate Crisis Team on how to collaboratively manage and contain a crisis.

Simulate with realistic cybersecurity exercises

To stay close to reality, it is recommended to test the organisation's response capabilities at least once a year in order to reduce the impact of a cybersecurity breach.

An incontestable way to constantly update and refresh the Cyber Incident plan is to perform cybersecurity incident simulation exercises, which allow learning in a safe and low-risk environment. They are often the most cost-effective and rapid way to test certain business continuity activities, and in particular the best way to test immediate response to a sudden cybersecurity situation.

Scenario-based exercises will demonstrate not only how the members of the Corporate Crisis Team fulfil their own individual roles but also how effective their coordination is as a team. The more comprehensive and tested the Cyber Incident plan, the better the management’s response will be.

Prepare technical response plans

The Cyber Incident lifecycle strategies are generally organized around four key steps: Detection, Containment, Remediation and Recovery. To save valuable time in the case of cybercrime, it is recommended to prepare scenario-based response plans before proceeding with these four steps. Plans for scenarios such as DDoS, ransomware infection, website defacement, theft of personal data and intrusion can improve the organisation’s ability to cope with a wide range of situations.

 
