Why you need a cyber crisis management plan

Orro Group

By Michael van Rooyen, CTO Networks, Orro Group
Tuesday, 23 May, 2023



Cybersecurity attacks and data breaches have become increasingly common over recent years despite advances in security technology, with attackers moving just as fast. Organisations have learned that an attack or breach infiltrating their systems is not just a matter of whether it will happen, but when it will happen.

Developing a cyber crisis management plan can not only help minimise an attack’s damage while it is ongoing, but also prepare the organisation to respond to any future attacks. Whether it involves hacked devices, crashed websites, breached networks, denial of service, stolen credit card data or more, a well-designed plan could serve as a reliable backup plan when your security falls through.

What is a cyber crisis management plan?

A cyber crisis management plan is a comprehensive approach to identifying, responding to and recovering from cybersecurity incidents, which outlines the steps taken to minimise the damage while preventing further incidents and restoring normal operations.

Generally, a plan would include a risk assessment, a response plan, a recovery plan, public relations, training and awareness, and a continuous improvement plan.

In the past, organisations would deal with these cybersecurity incidents as they happened, particularly those that hadn’t had incidents before, but we’ve seen organisations mature their preparedness a lot on this front. They have started putting a lot more work into assembling the plan.

Another critical component is where businesses keep their incident plans. We’ve seen organisations store them in the cloud or on servers, which often get infiltrated and could lock them out of those plans entirely. That’s why we recommend storing a copy of the plan in a secure storage facility — this may even include a paper copy which would come in handy if the customer gets infiltrated.

How would an organisation benefit from having a plan in place?

A cyber crisis management plan would help minimise the impact of security incidents: organisations can respond to security threats or incidents more effectively because they are prepared and have planned what the approach would be.

When people are in crisis situations, they tend to respond and act differently. Another benefit while an attack is underway is improved incident response times, and being able to respond quickly is crucial in these situations. How quickly you respond, shut the attack down and stop the threat from spreading will make the difference when the next attack comes. Working with a third party like Orro can also help organisations reduce the time needed to identify, contain and mitigate the damage.

A plan can also help reduce costs by not allowing the threat to spread to other parts of the business. When an attack propagates and spreads, it increases the risk of damage, with more people impacted, leading to production stopping and potentially significant damage to reputation. Containment can also reduce costs related to fines and legal fees — for some global jurisdictions, a company could be fined both in Australia and overseas.

An organisation could also stand to bolster its reputation by how well it responds to threats. We’ve seen a couple of significant breaches recently where generally, the public sentiment has leaned more favourably toward the organisation. Having a plan in place and being able to execute it quickly will help an organisation’s reputation.

Finally, having a plan in place would make it easy for an organisation to ensure regulatory compliance, with the requirements ready to go when it has to report a breach or notify regulators and other stakeholders that a breach has occurred.

What you need to know before developing a plan

Organisations should have a good idea of the cybersecurity risks they may face, so a good first step is to start with a risk assessment to identify the potential risks to your systems and data. They can either engage a third party or turn to their internal teams for a vulnerability assessment or penetration testing to understand what they need to secure first. What have they stored in the cloud? What is exposed? Where does the data live?

Understanding the legal and regulatory requirements is another key component in building a plan, including industry-specific requirements and the jurisdictions in which the organisation operates.

Next is identifying the critical assets and data that must be protected, and finding out what the organisation’s golden goose is in terms of where data is contained, how it is protected and where it is stored, as well as how you would act in response to an attack. When mapping it out, find out what the key assets and data assets are, whether they are financials or intellectual property.

Another consideration is what resources are available to the organisation to respond, whether you are outsourcing or building a team internally, and how you will resource their response. Everyone’s now in the mindset of “it’s not a matter of if, but when it happens”, so what are the plans to address that?

Defining the roles and responsibilities of key personnel is crucial, as is making them clear so people are not falling over each other. You’ve likely seen ‘war rooms’ depicted in movies, where it becomes very clear that someone takes charge, and there’s a set of roles and responsibilities relating to how to handle an issue. That may also include the executive team, legal counsel and communications staff.

Speaking of communications, that strategy is important to map out as well before developing the plan, considering the communications channels and the protocols for notifying stakeholders like partners and customers, as well as compliance on the legal and regulatory side.

Finally, it’s important to remember that creating a cyber crisis management plan is not a one-time exercise. Given the ever-evolving nature of cybercrime, continuous testing and updating of the plan is necessary to ensure it remains effective. Additionally, by factoring in modern developments, such as advancements in generative AI, organisations can be better prepared for new and emerging cyber risks.
