Crisis Management Cybersecurity Response Series

Playbook: Threats against Malware

What happens if your organisation or employees are experiencing a malware attack?
Moh Heng Goh
Crisis Management Certified Planner-Specialist-Expert

Action Steps for Threats against Malware

Description of Crisis

Cyber attacks can take many forms: malware, phishing, man-in-the-middle, denial-of-service, SQL injection, zero-day exploit, and DNS tunneling. The most common types of malware are viruses, worms, Trojan horses, spyware, adware, and ransomware.


The objective is to respond efficiently to, and mitigate the effects of, a malware attack.

Scenario: Users' Systems are Infected with Malware

Action Steps

  • Review the Crisis Management Plan to keep it updated
  • Keep the Corporate Call-Tree updated whenever there is staff movement
  • Maintain Risk Controls and Scan the environment
    • Continually identify risk and potential crisis scenarios
  • Subscribe to a cybersecurity agency, if applicable [e.g. Cybersecurity Malaysia, SingCERT, CSA Singapore]
  • Educate staff on Cyber Security and compliance continually
  • Update and maintain BC plans and IT DR plans
  • Conduct table-top exercises for the CM Plan at least once a year
  • Ensure the Incident Management Team assesses cyber attacks' complexity, extent, and impact.
  • Prepare to escalate to CMT by the Incident Manager
  • Advise CMT to determine if it fits the crisis scenario and execute the CM Plan
  • Prepare to execute internal messaging to activate the call tree for stakeholders: SME, functional heads, SOC, etc.
  • Execute crisis communication plan
    • Inform/ update the users/ customers affected.
    • Inform/ update higher management and follow the corporate escalation process.
    • Communicate with customers on services affected.
  • Activate the Command Centre
  • Activate the Bridge to have all key stakeholders in the conference
  • Ensure Command Centre members log discussions/decisions and actions taken with a timestamp of the activities and update the progress status of resolutions
  • Activate key support vendors SMEs and work in tandem with the IM Team
    • Determine and agree with the Exit Criteria
    • Involve company legal and internal CISO in case of data breach
    • Resolution
      • Isolate network to contain the situation
      • Use the tools vendors provide to clean and remove the malware, ransomware, etc., on the systems affected.
      • If the system cannot be recovered, restore from the last known good backup
      • Rescan the network and systems with the latest scan engine to ensure systems are free from malware
      • Release affected and recovered systems for user testing
      • Conduct forensic investigation on the malware/ransomware
  • Confirm that the exit criteria are being achieved and accepted by the user/ customer.
  • Submit formal crisis reports to management and relevant agencies, e.g. regulators.
  • Provide the post-crisis evaluation and lessons learnt
  • Maintain a checklist for any referencing needed later
  • Review the crisis internally to determine if there are gaps that need to be worked on
  • Recommend any enhancement to the necessary infrastructure to strengthen the security defence further
  • Determine if there are any service credits or claims that need to be addressed with users




Reference Guide

Goh, M. H. (2016). A Manager’s Guide to Implement Your Crisis Management Plan. Business Continuity Management Specialist Series (1st ed., p. 192). Singapore: GMH Pte Ltd.

Extracted from Appendix 6D: Threats against Property

Note: This version is the draft 2nd Edition being updated in 2021. The numbers in square brackets [C##] and [AX-#] cross-reference the actual chapters and appendices in the 2016 Edition.
