Transformation Quarterly 01_2023

by Daniela Münster

Every company that is faced with specific risks has its own special contingency plans. These range from general fire protection to major disasters such as chemical accidents. What they have in common is that it takes practice to transform them into effective prevention. The simulation of cyber attacks is the fire drill of the virtual age. While fire protection is standard practice in many companies, cyber-security is still lagging behind. Having a tailor-made cyber-security strategy is crucial.

Several elements come into play here. For one thing, cyber-security should be a top priority in the company and in crisis management. Responsibilities need to be clearly defined within the company and provided with the appropriate resources. This also involves the Board recognising the importance of the topic and clearly promoting it to everyone in the company. Besides raising awareness among employees and taking appropriate IT security precautions, being prepared for serious incidents is essential. It is important to establish appropriate frameworks, prepare contingency plans and carry out regular drills.

Identifying risk scenarios and having a cyber crisis manual lay the foundations for prevention

Gap analyses help to examine, protect against or remedy potential vulnerabilities in IT systems. But it is only when the right plan is in place that people can take a level-headed approach to handling cyber attacks. To achieve this, it is important to identify and go over potential scenarios. Following that, a crisis manual needs to be prepared. This manual will set out a plan of action for emergencies and be a living document that is regularly updated with the latest information and in line with changing circumstances. It will simplify and speed up work.

Key components of the crisis manual should include clear definitions of procedures. Depending on the scenario, these can vary greatly and be enhanced by outlining if-then situations. Precise roadmaps should be formulated for the event of an attack. What should be done first, who is informed and when, what are the reporting obligations? Checklists make it easier to comply with procedures. In addition, the availability of the crisis team should be established, including all contact details and substitutes. Last but not least, it is hugely beneficial to store as many materials as possible as templates. This saves time in the event of an emergency and ensures quicker and smoother communications both within the company and externally.

Drills as a reality check and means to prepare for emergencies

As a next step, cyber attacks must be simulated on a regular basis. It is only in practice that it becomes clear whether the prepared content and processes are really appropriate. New findings are added to the manual after each drill. It has been shown that the ideal solution is to use three drills that build on each other. The first step is to go through the manual during a desktop drill, which involves all members of the crisis communications team gathering around a table, checking its contents for plausibility and discussing processes. During the second drill, a scenario is acted out in real time together at the table. The leader of the drill has a detailed script with new pitfalls. In a final step, it is recommended that a full simulation is carried out. Participants are not informed in advance, everyone goes about their day-to-day work and the simulated crisis takes them by surprise, just as it would in a real-life emergency. In this case, one participant may be picking up their daughter from nursery school and another participant may be on holiday or sick. Not everyone will be able to work or be reachable. Alternative communications paths and channels should also be considered, because mailing systems can fail during cyber attacks. The full simulation reveals how well processes are ingrained and whether everyone knows how to proceed.

In our experience, this kind of three-part approach usually reveals that teams have gelled together and that the content is up to the demands of the real world. This makes it all the more important to regularly repeat drills to keep learned processes flexible. These practical steps will at least prepare companies for an upcoming attack and help them to deal with a cyber attack in a faster and more prudent manner. Proper preparation accounts for 80% of success.
