
Playbook for Incident Response to Phishing Attacks

Written by Moh Heng Goh | May 29, 2024 7:11:16 AM

Action Steps for Responding to a Phishing Attack

Description of Crisis
Objective

To efficiently respond to and mitigate the effects of a phishing attack.

Trigger

This playbook is triggered when a user reports a suspected phishing email or an email security system flags a potential phishing attempt.

Action Steps

Pre-Crisis
Preparation
  • Regularly update anti-phishing training for all employees.
  • Ensure all systems have the latest security patches.
During-Crisis
Identification

Confirm the phishing attempt:

  • Verify sender information.
  • Check for suspicious links or attachments.
  • Analyze for urgency or pressure tactics in the email content.
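
One way to automate the three identification checks above for a reported message, as an added example that is not part of the original playbook. The sample email, its domains, the keyword list and the risky-extension list are constructed assumptions; findings are leads for an analyst, not a verdict.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every domain and address is a placeholder.
SAMPLE = '''\
From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: helpdesk@corp-support.example
Authentication-Results: mx.corp.example; spf=fail; dkim=none; dmarc=fail
Subject: Urgent: password expires today
Content-Type: text/html

<p>Your account will be suspended. Verify immediately:</p>
<a href="http://login.corp-support.example/reset">https://portal.corp.example/reset</a>
'''
URGENCY = re.compile(r"\b(urgent|immediately|suspended|expires? today|final notice|act now)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="https?://([^/"\s]+)[^"]*"[^>]*>\s*(?:https?://)?([^/<\s]+)', re.I)
RISKY_EXT = (".exe", ".js", ".scr", ".iso", ".lnk", ".docm", ".xlsm", ".html")  # assumed list

def domain(addr):  # lower-cased domain of an address header, '' if absent
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return findings for an analyst; an empty list is not proof the mail is safe."""
    msg, findings, body = message_from_string(raw), [], ""
    sender, reply = domain(msg["From"]), domain(msg["Reply-To"])
    if reply and reply != sender:  # sender information: replies diverted elsewhere
        findings.append(f"sender: Reply-To domain {reply} differs from From domain {sender}")
    # Only trust an Authentication-Results header stamped by your own mail gateway.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if not m or m.group(1) != "pass":
            findings.append(f"sender: {mech}={m.group(1) if m else 'missing'}")
    for part in msg.walk():  # attachments by file type; text parts collected for link checks
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"attachment: risky file type {name}")
        elif part.get_content_maintype() == "text":
            body += part.get_payload(decode=True).decode(errors="replace")
    for href_host, shown in LINK.findall(body):  # link text that hides the real host
        if "." in shown and href_host.lower() != shown.lower():
            findings.append(f"link: text shows {shown} but href goes to {href_host}")
    words = sorted({w.lower() for w in URGENCY.findall(f"{msg['Subject']} {body}")})
    if words:  # urgency or pressure wording in subject and body
        findings.append("pressure: " + ", ".join(words))
    return findings

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```
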
Containment

If a phishing email is identified:

  • Instruct the affected user not to interact with the email.
  • Isolate the affected user’s account from the network if interaction has occurred.
Eradication
  • Remove phishing emails from all user inboxes.
  • If any systems were compromised, initiate a password reset and malware scan.
Recovery
  • Monitor the affected systems to ensure they return to normal operational status.
  • Conduct a review to confirm that the threat has been entirely eradicated.
Post-Crisis
Post-Incident Activity
  • Record the incident’s details for future reference.
  • Update defence mechanisms based on the attack’s nature.
  • Provide additional training if necessary.
Communication
  • Inform the IT security team and stakeholders about the incident.
  • Communicate transparently with affected parties as appropriate.
Review
  • Hold a post-incident meeting to discuss what was learned and how to prevent similar incidents.
  • Update the playbook with any new findings.

 
