Virtually every organisation, whether private or public, faces the very real threat of a cyber attack. These come in multiple forms including:
Following a recent ransomware attack on a large international provider of B2B software and services, 4C Strategies was assigned with managing the company’s crisis management response. A dedicated 4C team, consisting of crisis management, IT security, and crisis communication experts, was quickly assembled. The initial goal was to ensure the appropriate actions were taken, and – equally important – that the right information and procedures were effectively communicated across the organisation.
According to Klas Lindström, 4C Executive Vice President and crisis management specialist, there are three important tasks that crisis management teams should focus on:
“One of the biggest mistakes we witness are senior managers acting in an operational rather than strategic manner, and mistaking their assumptions for facts,” explains Klas. “This is why we recommend using a proven and intuitive model when dealing with something of this magnitude. The 4C model is a 2×2 matrix used for status reporting and strategic decision-making. It consists of Facts, Assumptions, Direction and Communication, which are continuously updated as the crisis unfolds.”
The 4C Facts and Assumptions Model explained:
Damage limitation is always important once it becomes obvious an attack is taking place. When the threat was apparent, the company’s IT team reacted quickly by shutting down servers to limit any damage to a minimum. However, this was just the starting point of what quickly became a full-scale assessment and categorisation of the organisations’ systems and data.
“After the immediate threat of extortion was averted, we began the hard task of further assessing the situation,” explains Johan Würtz, Chief Information Officer at 4C. “This involved conducting an analysis of the data to get a clear understanding of what had been compromised. Based on this analysis, we could deploy effective internal counter measures and advise the company’s clients that had been affected on what actions they needed to take. This consisted of long-term impact assessments, internal and external crisis communications, and general crisis management directions, among other things.”
The attack on the company was one of thousands of ransomware attacks that are carried out on a daily basis on multi-national companies. In its 2019-2020 Ransomware Report, ENISA (The European Union Agency for Cybersecurity) found that an estimated 10.1 billion Euros were paid in ransoms during 2019 – a 30 percent rise on 2018 payments. The report also found that although 45 percent of organisations paid the ransom demands, half of them still lost their data.
Read about our collaborations with ENISA.
“The question facing global actors today is no longer if you are a target, but how you will act when an attack occurs,” continues Lindström. “If you haven’t done your risk assessments and practiced realistic scenarios, you won’t be prepared or know how your organisation will cope until it’s too late. How will key staff interact in a high-pressure crisis situation? What systems can and must be turned off? What must be protected at all costs to safeguard operations and sensitive data? What are your strategic directions in a crisis situation?”
“When an attack or a major disruption occurs, you’ll be very happy that you’ve conducted training and exercises in advance, that you have robust IT-systems and contingency plans, and that you have reliable people and partners in the crisis management team,” concludes Lindström.
Discover how you can build your risk, business continuity and crisis management capability with our expert services. Book a free consultation with one of our consultants to discuss your requirements.
