Crisis management in action: Handling a global cyber attack

Cyber attacks – a daily occurrence

Virtually every organisation, whether private or public, faces the very real threat of a cyber attack. These come in multiple forms including:

• Denial of service (DoS) and Distributed Denial of Service (DDoS) in which an organisation’s resources are targeted and its systems are taken offline.
• Ransomware where data is withheld until a ransom is paid.
• Data theft, which unlike ransomware, involves the theft of sensitive data with no intention of returning it.
• Viruses which replicate themselves and are quickly transferred via other code in a system among organisations.
• Phishing, which is a communication-based attack (for example, an email) often sent to an employee from what they believe to be a trusted source.

Crisis management response

Following a recent ransomware attack on a large international provider of B2B software and services, 4C Strategies was assigned with managing the company’s crisis management response. A dedicated 4C team, consisting of crisis management, IT security, and crisis communication experts, was quickly assembled. The initial goal was to ensure the appropriate actions were taken, and – equally important – that the right information and procedures were effectively communicated across the organisation.

Taking control of the situation

According to Klas Lindström, 4C Executive Vice President and crisis management specialist, there are three important tasks that crisis management teams should focus on:

1. Getting an understanding of what is happening using a tool such as the 4C Facts and Assumptions Model
2. Indicating the way forward for the organisation.
3. Ensuring the organisation has the mandate and necessary resources to move ahead

“One of the biggest mistakes we witness are senior managers acting in an operational rather than strategic manner, and mistaking their assumptions for facts,” explains Klas. “This is why we recommend using a proven and intuitive model when dealing with something of this magnitude. The 4C model is a 2×2 matrix used for status reporting and strategic decision-making. It consists of Facts, Assumptions, Direction and Communication, which are continuously updated as the crisis unfolds.”

If you find yourself in a crisis where sensitive data is being targeted there are a number of steps you can take. However, we always recommend you get support from an expert crisis management organisation.

• Disconnect systems where possible and patch up the holes in your architecture
• Identify and map which data has been stolen
• Analyse the stolen data to understand what impact its loss/publication will have
• Implement mitigation plans internally and with customers
• Examine GDPR and any other regulatory repercussions (will vary depending on location and organisation, i.e. government, listed etc.)
• Contact the police, cyber insurance provider and communication specialists

The attack on the company was one of thousands of ransomware attacks that are carried out on a daily basis on multi-national companies. In its 2019-2020 Ransomware Report, ENISA (The European Union Agency for Cybersecurity) found that an estimated 10.1 billion Euros were paid in ransoms during 2019 – a 30 percent rise on 2018 payments. The report also found that although 45 percent of organisations paid the ransom demands, half of them still lost their data.

Read about our collaborations with ENISA.

Prepare for the worst to handle an attack

“The question facing global actors today is no longer if you are a target, but how you will act when an attack occurs,” continues Lindström. “If you haven’t done your risk assessments and practiced realistic scenarios, you won’t be prepared or know how your organisation will cope until it’s too late. How will key staff interact in a high-pressure crisis situation? What systems can and must be turned off? What must be protected at all costs to safeguard operations and sensitive data? What are your strategic directions in a crisis situation?”

“When an attack or a major disruption occurs, you’ll be very happy that you’ve conducted training and exercises in advance, that you have robust IT-systems and contingency plans, and that you have reliable people and partners in the crisis management team,” concludes Lindström.

The spiralling costs of ransomware

The fiscal costs of cyber hacks – before the cost to reputation is calculated – can run into hundreds of millions of dollars. For instance, it’s estimated that the NotPeyta ransomware attack cost global shipping and logistics company Maersk over USD 200 million as, among other things, more than 4,000 servers and 45,000 computers had to be repaired.

Today, cyber security takes multiple forms. Organisations must work proactively to counter the threat of an attack but, in a worst-case scenario, they need proven crisis management processes in place to rapidly manage the situation both from a strategic and an operative perspective. Having effective Business Continuity Management and IT Continuity, will also enable decisions to be taken to maintain critical operations without second-guessing the outcome.

Find out how we can help you prepare with IT continuity planning and response.