Why set up a crisis unit against cyberattacks?


A crisis unit is essential to recover from an IT disaster as quickly as possible, especially a major one such as a ransomware attack.

“It is important to prepare, in order to be in working order on D-Day,” advises Loïc Guézo, director of cybersecurity strategy SEMEA at Proofpoint. “The crisis unit is a system that must be put in place upstream, by precisely defining the role of each and by allocating the necessary resources.”

Process, roles and means

Setting up a crisis unit requires thinking through the processes to apply in the event of a computer incident, whether for restoring the information system or communicating with the public and the authorities. Developing reflex sheets makes it possible to carry out these processes efficiently and quickly. “We must not forget to collect elements to go back to the authorities,” specifies Loïc Guézo. “An essential action, which will participate in the fight against cybercrime.”

It is also important to think about the role of each member of the crisis unit, as well as the possible escalation in responsibilities that will apply when the unit is activated. “It may be good for a dedicated and trained manager to take precedence over general management for communication operations, for example.” These temporary escalations must be thought out in advance, in order to avoid friction once the crisis unit is activated.

Finally, dedicated resources must be assigned to the crisis unit. “In the event of a computer intrusion, it is reasonable to think that the company’s messaging system and Active Directory are compromised. It is therefore recommended that the crisis unit have its own means of communication, disconnected from those usually used by the company. A kind of crisis information system (IS), separate from the company’s classic IS. So that the organization’s activity is not too strongly impacted, this crisis IS can be designed to take charge of certain strategic business tasks.

Regular training

The role of the crisis unit is close to that of firefighters. Firefighters are a dormant resource, deployed only when a major event occurs. To guarantee the effectiveness of their action, they must have their own resources, but also regular training.

“As long as a major incident hasn’t happened, one might think that the resources assigned to the crisis unit are useless. But when an incident happens, we are happy that everyone is prepared. As such, carrying out test procedures every six months, or even every year, is recommended to maintain the crisis unit in operational conditions.”

All this requires resources that may seem beyond the reach of SMEs. And yet, faced with the risk of a major attack, by ransomware for example, it is difficult to do without a crisis unit.

Some tasks can be outsourced. “An external firm can carry out an assessment of the organization’s risk exposure, in order to help define the means of protection, as well as the scope of action of the crisis unit. Tests can also be carried out by external partners. Finally, the tools can consist of cloud solutions, which are easy to set up. But at some point, there will be decisions to be made to manage the crisis, and that cannot be delegated. If there is one thing that cannot be outsourced, it is the crisis unit itself,” concludes Loïc Guézo.




