Prepare, respond, resume

Dan Norman
Published 07 - October - 2021
Read the full article on Security Middle East
emerging threatsransomwaresecurity magazinesupply chain

Dan Norman, senior solutions analyst at the Information Security Forum, guides us through the key steps every business should take to head off an extreme cyber attack

Sophisticated, destructive cyber attacks, such as large-scale ransomware, zero-day vulnerabilities and supply chain attacks can hit any organisation at any time. They are well-crafted, well-funded, with devastating impacts on operations, finances, reputations and even the mental health of the workforce. These extreme forms of cyber attacks are increasing in likelihood and probability, with any organisation a possible target. Surviving an attack is not about avoiding it, but rather about being better prepared for it, responding intelligently, with the goal of resuming normal operations swiftly and effectively. Here are some of the proactive steps organisations can take to overcome this potential risk.


Organisations should initially achieve excellence in cyber hygiene, eg maintaining a list of technical and physical assets across the organisation and having a world-class patching programme. Vulnerabilities must be identified and managed accordingly. In addition, back-ups of data and systems are critical. When services go down, having a fall-back is a must.

Developing a robust risk and threat profile for the organisation must be considered, e.g. staying on top of threat trends, maximising intelligence sharing and communicating these risks to senior management and the board. This can all help in justifying potential budget for crisis management and business continuity in the future.

Resiliency is a key component of managing cyber attacks, so understanding key operational dependencies, data flows and key regulatory demands are very helpful. In addition, rehearsal of cyber attacks can help prepare the entire business for a potential attack. From executive table-top simulations to incident response and penetration testing, each type of simulation can empower the workforce to manage the real attack better.


Real extreme cyber attacks are highly stressful and required significant collaboration from a number of business units and roles. Firstly, a governance structure must be established, e.g. to enable trustworthy internal information flows and driving engagement across incident response to HR and elsewhere.

Clear and concise communication is key to effectively manage the operational, financial and emotional impact of a cyber attack. Internal communication between the front-line incident response and technical teams, through to the rest of the workforce who may be locked out of devices and unable to work is highly important. In addition, external communication with regulators and other authorities like the police must be transparent and timely. Effectively managing these regulatory demands can be the difference between receiving a damaging fine or not.

Ultimately, whilst cyber attacks invoke connotations of technical response, it is always the humans coming to the rescue. That said, managing the emotion and stress of the event is key to enabling a resilient human workforce. Developing a teamwork culture can be the difference between burning-out or not. In many cases individuals try to be ‘heroes,’ which can have an inverse impact on the quality of the response due to lack of sleep, rushing and causing further panic.

Furthermore, having interim technology options or even human-based fall backs must be considered to enable business continuity. For example, if ransomware takes out your communication system, would you know who to call or how to call someone in the team?


If organisations have strong back-ups of data and systems then the resumption of normal business will be significantly easier. That’s not to say that it’s ever “easy…” There is always going to be a significant period of reconciliation, where information that has been gathered, created and stored on different interim systems need to be weaved back into the working environment. When restarting IT systems, performing detailed and robust risk assessments is imperative to identify technical factors, interdependencies, new data flows and potential threat actors that may impact the systems moving forward.

In many, if not all cases, extreme cyber attacks are a perfect opportunity for organisations to secure future budget for resilience and recovery-based initiatives, such as overhauling legacy systems and refreshing training and awareness. A true revision of information risk management must be considered, ranging from updating policies and procedures, providing all teams with relevant and timely security training and identifying the correct tools to manage certain security threats.

Moving forward, all organisations must monitor the media and threat intelligence for potential extreme cybers attacks, understanding how and why they were so successful. Constantly questioning the business’ preparedness and then actively testing it can identify weak spots and areas for future investment. Proactivity is the key when preparing for these types of attack, and having robust systems, procedures and back-ups in place can be the difference between surviving an extreme cyber attack or potentially going extinct.