Cyber attacks – a daily occurrence
Virtually every organisation, whether private or public, faces the very real threat of a cyber attack. These come in multiple forms including:
- Denial of service (DoS) and distributed denial of service (DDoS), in which an organisation’s resources are targeted and its systems are taken offline.
- Ransomware, where data is withheld until a ransom is paid.
- Data theft, which, unlike ransomware, involves the theft of sensitive data with no intention of returning it.
- Viruses, which replicate themselves and spread quickly between organisations via other code in a system.
- Phishing, which is a communication-based attack (for example, an email) often sent to an employee from what they believe to be a trusted source.
Crisis management response
Following a recent ransomware attack on a large international provider of B2B software and services, 4C Strategies was assigned to manage the company’s crisis management response. A dedicated 4C team, consisting of crisis management, IT security, and crisis communication experts, was quickly assembled. The initial goal was to ensure the appropriate actions were taken, and – equally important – that the right information and procedures were effectively communicated across the organisation.
Taking control of the situation
According to Klas Lindström, 4C Executive Vice President and crisis management specialist, there are three important tasks that crisis management teams should focus on:
- Getting an understanding of what is happening using a tool such as the 4C Facts and Assumptions Model.
- Indicating the way forward for the organisation.
- Ensuring the organisation has the mandate and necessary resources to move ahead.
“One of the biggest mistakes we witness is senior managers acting in an operational rather than strategic manner, and mistaking their assumptions for facts,” explains Klas. “This is why we recommend using a proven and intuitive model when dealing with something of this magnitude. The 4C model is a 2×2 matrix used for status reporting and strategic decision-making. It consists of Facts, Assumptions, Direction and Communication, which are continuously updated as the crisis unfolds.”
The 4C Facts and Assumptions Model explained:
- Facts are what we know has happened – no speculation – and what measures have already been taken.
- Assumptions are crucial – they reflect what we do not know for certain, but the way in which the event is likely to develop. They must be verified or reconsidered at every stage of the crisis decision-making process.
- Direction is about what we want to achieve – our goal and strategic priorities, without micromanaging the operational response.
- Communication is about what we communicate, externally and internally, including the target groups for those key messages.
Damage limitation is always important once it becomes obvious an attack is taking place. Once the threat became apparent, the company’s IT team reacted quickly by shutting down servers to keep any damage to a minimum. However, this was just the starting point of what quickly became a full-scale assessment and categorisation of the organisation’s systems and data.
Deploying counter measures
“After the immediate threat of extortion was averted, we began the hard task of further assessing the situation,” explains Johan Würtz, Chief Information Officer at 4C. “This involved conducting an analysis of the data to get a clear understanding of what had been compromised. Based on this analysis, we could deploy effective internal counter measures and advise the company’s clients that had been affected on what actions they needed to take. This consisted of long-term impact assessments, internal and external crisis communications, and general crisis management directions, among other things.”
The attack on the company was one of thousands of ransomware attacks carried out every day against multinational companies. In its 2019-2020 Ransomware Report, ENISA (the European Union Agency for Cybersecurity) found that an estimated 10.1 billion euros were paid in ransoms during 2019 – a 30 percent rise on 2018 payments. The report also found that although 45 percent of organisations paid the ransom demands, half of them still lost their data.
Prepare for the worst to handle an attack
“The question facing global actors today is no longer if you are a target, but how you will act when an attack occurs,” continues Lindström. “If you haven’t done your risk assessments and practiced realistic scenarios, you won’t be prepared or know how your organisation will cope until it’s too late. How will key staff interact in a high-pressure crisis situation? What systems can and must be turned off? What must be protected at all costs to safeguard operations and sensitive data? What are your strategic directions in a crisis situation?”
“When an attack or a major disruption occurs, you’ll be very happy that you’ve conducted training and exercises in advance, that you have robust IT systems and contingency plans, and that you have reliable people and partners in the crisis management team,” concludes Lindström.