CYBER CRISIS MANAGEMENT PLAN: A NECESSITY
ANIL RANJAN, Sr. Practice Lead & Sr. Solution Architect, Inspirisys Solutions
A cyber security incident is a crisis scenario that every organization is vulnerable to. It is almost impossible to protect the business 100% from cyberattacks, but we can create an effective incident response plan that instructs our IT team on how to respond to an attack. Effective crisis management is not the same as cyber incident response. A computer incident, such as a malware infection or an application/network disruption involving limited information disclosure, can be handled by the incident response plan; for such an incident, it may be enough to inform the CIO/CISO. A cyber crisis refers to a more serious incident that has the potential to cause significant financial loss or brand reputation damage, and the company’s top management (CEO, COO, CFO, CIO, CISO) must be involved.
IT (Information Technology) systems are vulnerable to different types of threats from a variety of sources, such as natural disasters, human error, and hacker attacks. The disruptions caused by these threats can range from a short power outage or a hard disk drive failure to severe events such as equipment destruction, fire, or a hacked online database. Crisis management planning includes the steps to recover IT services from an emergency or system disruption.
The Crisis Management Plan and BCP/DR are interrelated but distinct. The DR plan details the procedures and steps to recover from a disaster.
Business Continuity Plan = Crisis Management Plan + DR Plan
Cyber Crisis lifecycle: Pre-Crisis phase, Crisis phase and Post-Crisis phase.
Pre-Crisis Phase:
Crisis Detection: Detection information may come from external sources, such as a customer complaint, a regulator complaint, or any other third party, and also from internal sources such as the helpdesk team and the team engaged for the “Security Incident Management Procedure”.
The Pre-Crisis Phase includes 24x7 monitoring, and identifying and creating a crisis team: a group of people working across the business who will be responsible for the strategy and for seeing it through. It also includes appointing an expert, media-trained spokesperson to be interviewed, and identifying employees, shareholders, stakeholders, the public, partners and the media.
Communication templates for breach notifications should be ready, for example for GDPR.
Templates of statements for customers, business partners, media and external agencies should be prepared.
For the banking sector, RBI Guidelines should be followed.
Crisis phase: Management must be prepared to communicate, as needed, across all media, including social media, in ways that assure stakeholders that the organization’s response is equal to the situation, through the right channels and via the crisis team, before rumor, incorrect information or negative reactions start to propagate. Staying silent is not a good step: people and stakeholders may think that something is wrong or being hidden, and the organization’s brand reputation can be damaged.
The organization needs to know whether there was any failure on its part due to a lack of control in its systems, processes, policies or technology. If the situation demands it, apologizing or accepting some responsibility is not a wrong step. The recovery strategy can be explained with brief details. The government or the department maintaining law and order should be informed according to the severity of the crisis and the company’s guidelines.
The organization needs to determine the affected stakeholders and, if any data is exposed, what data has been exposed and the impact of this. If personally identifiable information (PII) was involved, steps have to be followed as per data privacy law. Communication templates for breach notifications should be used as required by applicable privacy laws, for example GDPR.
Post-Crisis:
During this phase, companies take the opportunity to look back and reflect. They carry out deep analysis and investigation, including RCA (Root Cause Analysis) to find the root cause, which helps them change their policies/procedures and take preventive action for the next crisis. It is also a learning exercise for the company. A lessons-learnt database must be created.
Post-crisis, the organization should stay in touch with the media and different stakeholders to rebuild relationships and trust. If you’ve handled the crisis well, there should be latent trust and credibility that you can build on.
CHALLENGES FOR CYBER CRISIS MANAGEMENT PLAN:
1. The company’s top management lacks understanding of its role & responsibility in case of a cyber crisis.
2. The communication plan and trained media spokesperson are not defined.
3. No guidelines on when to communicate with the Law & Order government department.
4. Cyber Crisis Management plan never exercised/tested.
5. Templates of statements for customers, business partners, media and external agencies not prepared.
6. Either there is no insurance coverage for a cyber crisis or its T&C are not clearly defined.
MOST VULNERABLE INDUSTRIES FOR CYBER ATTACK IN INDIA:
* Banking & Financial
* Power industry
* Manufacturing Industry
* Healthcare