Your Crisis Management Team, CMT, helps prepare your organisation for an incident and manages the strategic response to any incidents or crisis that occurs.
In my experience of running cyber crisis simulations with these teams I see the same issues present themselves over and over again regardless of industry or maturity.
Here are the top 3 issues I see and how you can ensure your CMT don’t fall into these traps:
1. Loss of focus:
It is so easy to stay focused when the pressure is on but all too often that wave of enthusiasm from the CMT and execs soon fades away. Other things come up and complacency can easily set in. To prevent this make sure you raise the issues seen in attacks other companies have faced and get them to consider what this would mean for you.
2. No chair:
All CMTs need a chair. Someone who will ensure that the checklists and playbooks are being followed and that actions in a crisis are being assigned. It is crucial that the CMT all collectively agree on who the chair should be, appoint a deputy chair because we need redundancy AND that person understands the role they play. Running exercises helps cement both the chair’s role but also ensures that the rest of the CMT understand their roles too.
3. Too much chat, too little action:
I often see that from a discussion and analysis perspective the CMT’s overall do really well. What they often struggle with is taking decisive action and collectively bringing that into being. A classic example is in the ransomware scenarios I’ve run – usually the CMTs are brilliant at discussing the pros and cons of paying but never actually want to come down on one side or the other. Managing a crisis, any crisis, is about making decisions. You have to use the data you have to inform the best decision and then move forward. So put pressure on your CMT to make decisions in exercises. Don’t let them get away with “it depends”.
Ultimately being naturally good at handling a crisis is a myth. Like anything else practice is key to ensuring you have an effective, decisive and cohesive CMT when you need them the most!
If you would like assistance in designing or delivering a focused and bespoke cyber exercise within your organisation, read our guide to exercising or email [email protected] for a free no commitment consultation with one of our leading exercise professionals.