Rebuilding after a cyber attack

We talk a lot about handling the initial car crash of a breach: what to do first, the comms that need to go out and the reporting to regulators. This all happens within the first few hours or days of a breach being discovered.

What about after that?

Last week I ran several cyber crisis exercises. The CMTs (Crisis Management Teams) for both companies were excellent at handling the initial fallout of the breach, containment and emergency comms. Where people so often struggle is what happens after that. Let’s say you’ve “weathered” the storm. You have control back and have ensured the attackers are no longer in your network.

That’s not where the work ends for the CMT.

In fact, the next stage is far more challenging. The CMT forms the strategic team in a crisis.

After that initial response we have to consider questions such as:

How does the CMT prioritise which systems and services to bring back online first?

What dependencies are there, and how do you explain them to the CMT?

Are there certain clients that have to be prioritised over others?

It’s easy to say “bring everything back. We need it all” but in what order? No company has infinite resources. One thing a crisis always highlights is that we need more money and more resourcing. Every decision we make will have consequences for something else. If you don’t map this out in advance you can end up in a sticky situation.

Priorities can be worked out ahead of an incident. So many difficult discussions and decisions can be predicted and planned for. This makes your decision-making faster and more accurate. Plan these things before you need them. Help your CMT practise the plans and be in a better position should the worst occur!
