How does a cyber incident feel?

There’s lots of documentation out there to help with cyber security incident response, but sometimes it’s not what you do that matters, but how — and how ready you are to do it. This month I spoke about the aspects of incident management that you can’t get from a policy, playbook, process or checklist.

If you’ve not personally dealt with a major crisis, one of the hardest things to understand is how a crisis feels. And whether you have had your own crisis to deal with or not, one of the hardest things to appreciate is how much control you do have over that experience and therefore the outcomes.

This week, a local organisation that that had recently suffered a ransomware attack came to talk to us. It was hard to hear, because the story they told was one of personal trauma and challenge.

When their business was attacked, the first thing they saw was unusual systems behaviour. They called in their IT team, thinking this would be a routine issue and easily resolved. It was the mention of the word ‘ransomware’ that rang alarm bells.

Ransomware was confirmed and they called their insurance company who were able to connect them with a specialist incident response and forensics provider.

However, the experience of waiting for the experts and wondering if you are doing the everything you should or not, all whilst watching the business or organisation you have build collapsing around you, is not a fun one.