Rebuilding after a cyber attack

We talk a lot about handling the initial car crash of a breach: what to do first, the comms that need to go out and the reporting to regulators. This all happens within the first few hours or days of a breach being discovered.

What about after that?

Last week I ran several cyber crisis exercises. The CMTs (Crisis Management Teams) for both companies were excellent at handling the initial fallout of the breach, containment and emergency comms. Where people so often struggle is what happens after that. Let’s say you’ve “weathered” the storm. You have control back and have ensured the attackers are no longer in your network.

That’s not where the work ends for the CMT.

In fact, the next stage is far more challenging. The CMT form the strategic team in a crisis.

After that initial response we have to consider questions such as:

How do they prioritise which systems and services to bring back online first?

What dependencies are there and how do you explain that to

