Practical Tips for Leading a Team Through a Cyber Attack
A ransomware attack can be an extremely stressful, confusing, and chaotic time for all those involved, particularly for the first responders. Attackers may render your entire IT system ineffective and bring essential operations to a grinding halt, putting the whole organisation at risk of collapse.
Initially, people are in shock, an understandable response given that they’ve just had a crime committed against them. Adarma’s Chief Product Officer, David Calder, likens the experience to a home break-in.
The victim’s digital space has been violated by an unknown cyber threat actor who wants to cause them as much damage as possible so that they can be easily extorted.
David, who has been on the front-line of numerous ransomware attacks helping organisations regain control of their systems, believes that a key differentiator when it comes to the success of a ransomware response is advanced preparation.
The chaos created by a ransomware attack is deliberate on the attacker’s part; they want to create fear and confusion so that you cannot stand up a credible defence against them. Investing up front in how you will operate in the event of an attack and in your controls (e.g. preventative, detective, and responsive controls) will help you to manage the chaos more effectively.
With a well-rehearsed plan in place, first responders and leadership have a framework that they can rally around to defend their organisation. When there is a clear path of response, people are more co-ordinated, focused, and willing to go that extra mile to get the attackers out.
“I’ve seen people sleeping in chairs having pulled 24 hr shifts, sleeping in camp beds in meeting rooms, and it’s because they want to save their organisation. That’s why it’s worth investing up front, to give your people that ability to move through that shock as quickly as possible and move into response,” David explains.
Tips for leading people through a cyber attack
It’s clear that leadership plays a pivotal role in how an organisation responds during an attack. So, here are 10 things our threat specialists recommend leaders do in advance of an attack to better guide their team through a ransomware incident.
1. Invest up front in avoiding the attack and in an effective incident response plan.
2. Determine in advance of an attack what your organisational stance is on paying the ransom. This stance might change depending on the circumstances, but having this understanding already in place will help avoid any knee-jerk reactions and ease the pressure decision makers face during an attack.
3. Agree recovery priorities (business and security) and how they will be balanced.
4. Invest in understanding your environment and maintaining this understanding.
5. Clearly determine who needs to create and execute the plan and hold them to account.
6. Select suppliers with the right experience and the right attitude before the crisis.
7. Agree and implement how you will communicate (assume normal channels are compromised and watched).
8. Agree and implement how you will detect, respond, and recover.
9. Exercise the plan and stress test the organisation (including your suppliers).
10. Engage with your core customers and agree how you will work together during the crisis.
If you’d like to learn more about ransomware and how to enhance your cyber resilience, you can watch our webinar recording, where our experts David and Bernard Montel, Security Strategist at Tenable, unpick the journey of the ransomware attack and share practical techniques defenders can use to contain or extract an attack before, during and after the attempted breach.