By reviewing the plethora of media stories, press releases and research studies, it is obvious that the trajectory of organisations experiencing a significant cyber incident is increasing year after year.
However, it is clear that in some of the recent major incidents that some organisations had not adequately prepared for how they would react and respond in the event of a major cyber incident.
When a cyber incident occurs, a highly complex series of events needs to be perfectly orchestrated whilst under the spotlight of the World’s media and the customer base – it is critical that performance is effective and moves with pace.
Is the process that should be followed when an incident occurs crystal clear? Is the team that should be convened to manage the incident at the various different levels within the organisation established? Are pre-defined play books embedded in operational processes with the required pre-prepared internal and external communications? Is there a defined crisis management structure in place, to ensure that the technical teams are given the space to be able to resolve the incident, whilst internal and external stakeholder management can still effectively occur?
Has the effectiveness of the team been tested so that instinct and learned behaviour can kick-in when an incident occurs, rather than trying to design an action plan and process, whilst managing a major incident? If not, is the current plan to create all of this from scratch at the same time that the incident is being managed?
Cambridge Cyber Advisers specialise in running bespoke cyber scenario exercises that will test and evaluate internal teams and the processes that are followed, as well as providing clear recommendations for improvement.
Running a series of exercises and embedding the improvement actions between them will ensure internal teams and suppliers are fully prepared to effectively manage a cyber incident within the organisation. Being seen to effectively manage the incident in the eyes of the customer is critical to maintaining the brand of the company.
Time invested in effective preparation in advance of an incident will be time well spent; a well-rehearsed team with an effective embedded process means that the organisation can be proactive in managing the incident, as well as the media, and be viewed positively by customers.
Make sure your organisation is prepared for any cyber scenario with Cambridge Cyber Adviser’s exercises – Get in contact today.