CYBER CRISIS MANAGEMENT (SO WHAT EXACTLY CYBER CRISIS IS?)

CYBER CRISIS MANAGEMENT

A click on a malicious link, any unwanted services open, using any obsolete OS can be much more catastrophic for the organisation beyond one’s imagination and can lead to cyber crisis.

SO WHAT EXACTLY CYBER CRISIS IS?

Cyber crisis is a situation of compromise, disruption or breach for the organisation’s critical information systems and data which is often known as Cyber Security Incident but these are beyond just incidents which can impact the reputation, financial outcomes and sometimes end up facing huge penalties.

FEW OF THE CYBER CRISIS SITUATIONS ARE

  • Breach in networks
  • Credit card data or health data stolen
  • Personal data compromise
  • Denial of services
  • Website crash
  • Email hacking
  • Zero day attack

Few of the very famous Examples of worldwide Cyber Crisis are:

WannaCry: In 2017 this ransom ware infected computers and encrypted content of hard drives and demanded ransom in order to decrypt the same. Many organisations suffered by this attack.

NonPetya:This is again a ransomware started phishing spam in 2016 which affected master boot record. It has also impacted many organisation having the vulnerabilities.

HOW TO DEVELOP CYBER CRISIS RESPONSE CAPABILITIES

  • Identification of the key stakeholders at executive level from legal, finance, IT, Information Security and Physical Security and formulate a Crisis Management Team (CMT).
  •  Roles and responsibilities of each stakeholder shall be clearly defined, documented and communicated.
  • Identify different scenarios of crisis and evaluate all the aspect by performing “What if” analysis and prepare responses accordingly for all the possible scenario. Organisation can take help of internal and external stakeholders as well as some expert consultants for this.
  • Procedures for communication during any cyber shall be prepared according to different compliances pertaining to the organisation. These shall be readily available in case of contingency.
  • Communication plans for external stakeholders, customers, media and external agencies shall be prepared.
  • All the responsible stakeholders shall be trained and evaluated by performing drills or table top exercises on regular intervals.
  • Identification of forensics experts within the organisation or some expert external agency like CERT for performing forensics and malware analysis to check the degree of damage done by incident.
  • Last but not the least have someone who can handle the media for PR and as well as negotiate in case on ransomware.

Cyber Crisis is just like any other Information Security Incident, which can become a disaster if not addressed properly and diligently at right time. Cyber crisis can lead to huge penalties and business loss.

CYBER CRISIS HAS FOLLOWING IMPACTS:

  • Damage to company reputation and brand image
  • Loss of sensitive data and intellectual property
  • Loss in business opportunities
  • Cost of replacing the systems.
  • Penalties from regulatory bodies or contractual compensation

LIST OF FEW KNOWN CYBER THREATS

  • Ransomware
  • Spoofing
  • Spam
  • Spyware
  • Trojan Horses
  • Viruses
  • Hacking
  • Malware
  • DDOS
  • Worms

In a nutshell Cyber Crisis Management Plan help the organisation to manage post crisis chaos. When everything is defined and everyone is trained to handle the adverse situation like cyber crisis it becomes much easier to resume business operations. Sometimes few situations are unavoidable even after having a robust system in place, CCMP help the organisations to deal in such situations and thus helpful in Business Continuity purpose.

Related Posts

HOW ORGANISATIONS CAN ENSURE CYBER SECURITY DURING REMOTE WORKING

HOW ORGANISATIONS CAN ENSURE CYBER SECURITY DURING REMOTE WORKING Global pandemic has entirely changed the work culture of the organisation, while over 75 percentage  of the private sector…

Cyber Security Compliance for Startups

CYBER SECURITY COMPLIANCE FOR START-UPS Start-ups are integral to  economic success of any country, generating  millions new jobs in recent years and experiencing significant market growth as…

VIRTUAL CISO-A Logical method to manage Cyber security compliance in Start-ups

VIRTUAL CISO-A Logical method to manage Cyber security compliance in Start-ups   During the current era, both big companies and small start-ups, are using Information Technology for…

ISO 27001 CERTIFICATION (INDIVIDUAL VS. ORGANIZATION)

ISO 27001: ISO 27001 is a standard that is folloVendord for the Information Security Management System (ISMS) of an organization in which, the said company’s compliance status is checked, based…

INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT

INFORMATION TECHNOLOGY (IT) RISK MANAGEMENT  What is Risk? Risk is any unwanted event which impact organisation’s objectives to attain business goal. There are various type of business…

CYBER SECURITY WORKSHOPS AN EFFECTIVE WAY TO UNDERSTAND CYBER RISKS FOR BEGINNERS AND PROFESSIONALS

CYBER SECURITY WORKSHOPS: AN EFFECTIVE WAY TO UNDERSTAND CYBER RISKS FOR BEGINNERS AND PROFESSIONALS

CYBER SECURITY WORKSHOPS: AN EFFECTIVE WAY TO UNDERSTAND CYBER RISKS FOR BEGINNERS AND PROFESSIONALS Workshops has always been a great source of knowledge about the subject. Cyber…