Decision-making is a major challenge for incident management teams.
The time and effort that goes into decision-making usually leads to delays in response, which can lead to increased costs and legal liability. One way of tackling this problem is having a cyber security plan and an incident response team with clear roles and responsibilities (e.g., who will make the decisions about whether or not to pay ransom).
Coordination with third party vendors is also a challenge for organizations. Many cyber-attackers target vulnerabilities in products or services that are provided by external parties rather than the organization itself, which means it’s important to have good relationships with these partners. Having strong coordination can reduce costs and limit liability arising from incidents. For example, if the organization and its vendor have good coordination, it may be possible to fix problems faster.
Good communication is also important for incident management teams. It’s critical that all involved parties understand how to handle things such as which information should or shouldn’t be shared externally (e.g., media). Establishing clear guidelines and communication protocols can help teams to work well together and reduce the risk of miscommunication.
1. Cyber-Exercises Support Decision-Making
Making decisions like to pay the cyber-criminals the ransom fee or not can be ironed out during cyber-security simulation exercises. Ransomware simulated scenarios allow incident management teams and other decision-makers to walk through the pro’s and con’s without the pressure of it being a real situation. This ultimately will save time and stress during the real thing.
2. Understand Potential Coordination Challenges Before The Cyber-Attack
Understanding which role and responsibility each party has before a cyber-attack is essential in reducing costs and saving time. Having clear roles and responsibilities can make it easier to handle any critical decisions that may arise during an incident; such as who’s responsible for activating the IMT (Incident Management Team).
Critical third parties are also important for organizations, meaning having good coordination and communications with them can help to reduce costs and liability arising from cyber-attacks. If the organization knows what to expect from critical vendors then they can better prepare for an attack.
Establishing coordination protocols and then practicing them gives incident management teams a good foundation which is vital in reducing mistakes during real incidents. Add coordination to your cyber-security exercise objectives.
3. Do You Know All Your Stakeholders?
Having a list of all your critical stakeholders as well as others that you will need to communicate with during a major cyber-breach is paramount. Knowing what to say and do when communicating with these individuals can be the difference between life or death (not literally) for the organization.
Decision making is hard, but it’s easier if proper coordination has been established and practiced beforehand.
The tone of your communication with third parties is also important to consider as it can reduce costs and liability arising from cyber-attacks.
It’s important that all involved parties (especially decision makers) understand how to handle things such as which information should or shouldn’t be shared externally (e.g., media). Establishing clear protocols and communication strategies can help teams to work well together.
Good coordination with critical third parties is also important for organizations, meaning having good relationships with these partners can reduce costs and limit liability arising from incidents which means it’s essential to have strong coordination.
In conclusion, it’s important for all involved to understand how they will make decisions, coordinate and communicate effectively before a cyber-attack occurs.
Simulation exercises are vital in this process as it allows incident management teams to walk through the possible scenario’s without pressure. Add coordination and communication protocols into your cyber-security exercise objectives, have clear roles for all involved parties (including third party partners) and make sure you know who’s responsible for what before an attack occurs.