Crisis Management Playbook Series

Playbook for Incident Response to Threats Against Ransomware Attack

What happens if your organisation or employees threaten your organisation's property and assets?
Moh Heng Goh
Crisis Management Certified Planner-Specialist-Expert

Action Steps for Threats against Cyber Attack

Description of Crisis

A cybersecurity event is a cybersecurity change that may have an impact on organizational operations (including mission, capabilities, or reputation).

Playbook: Threats against Ransomware Attack

Scenario: A ransomware attack, locking business-critical data and disrupting services essential to PSP’s operations

Action Steps

Pre-Crisis

Before the crisis hits, the organization ("ABC Company") should make sure to:

  • Explain to the crisis management members the threat (ransomware, phishing, etc.) and how it works.
  • Establish a cybersecurity event response guideline.
  • Maintain up-to-date critical contact information (service providers, additional resources, third parties intervening during a cybersecurity crisis, etc.).
  • Identify alternative methods of communication for the crisis team and business units in case virtual meetings are not possible or emails are unavailable (conference bridge, physical command centre, etc.).

During-Crisis

The crisis management team should consider the following while managing the crisis:

  • Rely on the cyber event response team to obtain updates on the situation (technical response);
  • Gather information on the cyber security incident;
  • Follow cyber response guidance described in the Cyber Event Response handbook;
  • Assess the impact on operations (current and imminent):
    • Identify which critical systems and data are affected;
    • Identify what critical operations are or will be interrupted;
    • Communicate with affected business units
    • Determine if BCPs and manual workaround should be activated
  • Assess the impact on employees (if HR data is impacted):
    • Identify what types of HR data have been affected
    • Identify which employees have been affected
    • Provide support and, if needed, offer credit bureau services to affected employees
    • Communicate with affected employees and explain the "ABC Company" action plan.
  • Assess the impact on suppliers and partners (if suppliers and partners are affected):
    • Identify what types of data have been affected
    • Identify which suppliers/partners have been affected
    • Communicate with affected suppliers/partners and explain the "ABC Company" action plan.
  • Assess legal and regulatory impacts;
  • Identify objectives for success (e.g., recovering operations, data, etc.)
  • Communicate with relevant authorities
  • If needed, communicate with a third party to help manage the situation
  • If applicable, liaise with a cyber insurance supplier.

Post-Crisis

Once the objectives for success have been met and the crisis has been resolved:

  • Identify gaps and action plans to improve IT security and awareness
  • In a post-event report, identify what went well and what went wrong in the crisis management response and establish action plans.
  • Communicate the post-event report to relevant stakeholders.

 
