There are several aspects to consider in order to be prepared. First, cyber defense requires that you know your partners, especially if they handle your organization's information. For example, you need to make sure that access control is clearly in place in a cloud-based file sharing system. You also need to make sure that ransomware or other uninvited guests are prevented from entering your network through partners.
Second, people. Employee awareness plays a key role in protecting yourself. Employees need to be informed and instructed on how to act in the event of cyber incidents. The information security unit must have its own emergency number for crisis situations, that is, a hotline that personnel can contact to report their concerns. No matter how slight the suspicion, it must be reported immediately, because the cost of days or weeks of delay can be very high. It should be mentioned that even in organizations where information security training takes place regularly, around 10 percent of employees still slip up and click where they should not.
Third, processes. There must be guidelines for critical situations on who exactly needs to do what. For example, in a power plant, there must be a very comprehensive manual on which button to press at what time, otherwise everything will blow up. Processes and guidelines are meant for managing the incident within the organization and coordinating with external partners when necessary, so that every link in the information security chain knows what it has to do. From an employee's point of view, it is enough to know whom to contact in the event of an incident. The rest is the responsibility of the Chief Information Officer, who decides when and through which channels he/she informs the management, authorities, etc.
Fourth, technology. It is an important part of the preparation and must be capable of gathering information about the incident and contributing to the quick resolution of the situation. It goes without saying that technology must not be the organization's Achilles heel that facilitates attacks. Businesses typically replace laptops and other office equipment every 3-5 years. All information security solutions should also be reviewed with a fresh eye at the same interval because their life cycles are different and some of them may be hopelessly outdated.
In addition to the loss or manipulation of data, an attack can lead to reputational damage, the consequences of which the company will have to deal with for some time.
However, in the event of an incident, you must be ready for well thought out communication both within the organization and with your customers and other external target groups.
Head of Cyber Security
mihkelkukk@kpmg.com
+372 521 4332