“We’ve been hacked”. When you hear that, the world stops. What does this mean? How bad is it? How can we manage that? That was the news earlier this week. It was quite confronting!
Suddenly your careful plans for the day are thrown aside as your priorities have instantly changed.
The key questions are:
- What is the extent of the damage?
- How can we mitigate it?
- Who do we need to inform, what do we need to advise and when do we need to?
- How could this have happened?
When we got the call, the Incident Response Plan swung into action. We started with a quick SLT briefing. This made sure everyone was caught up and allowed us to review the questions above.
It was early in the incident, so we didn’t yet have the answers. My takeaway was the importance of keeping perspective. Despite our natural tendency to ‘jump’, it was vital to make sure there was no overreaction.
Once the questions were being asked, it became clear very quickly that this was a fire-drill. Our team had picked up an alert and escalated that to trigger a practice run. We get alerts from time to time and always double/triple check because we can’t afford to overlook anything. In this case, by checking and verifying it against the various tools we have in place, we quickly determined that it wasn’t a real incident. Nevertheless, it was a good opportunity to run a practice test and we learned a lot.
As the business owner, my immediate reaction was disbelief, and the second was relief. I know how seriously we take cyber-risk; I knew the many layers of protective tools in place, and I knew they are constantly checked and maintained. Nevertheless, I asked the team to verify the checks, and it was comforting when the double-check confirmed everything was as it should be.
The other question asked was ‘what else could be done’, and there were a couple of suggestions. All were of marginal benefit, but we’re still going to explore them. The peace of mind of knowing that we’ve done everything we can is overwhelmingly comforting.
Lessons – these cyber-fire-drills are brilliant practice.
Having an incident response plan is vital, and then testing and adjusting it in light of experience can only make it better. For example, we wanted to assess our plan for how it operates after hours, or when key staff are unavailable.
Secondly, it is comforting to know that we have taken every reasonable precaution as we understand them to date. We know that this is a point in time and there will be new technologies that will become available and will become necessary to add to our defences.
If you would like to run a fire-drill event simulation of your own, please get in touch with your account manager.