Speaking at the DTX event in London, Lisa Forte, partner at Red Goat Cyber highlighted the three biggest problems in crisis situations, namely that there is an expectation of a ‘big red button’ to solve all of the problems, and that there is little preparation for supply chains and corporate communications.

On the first point, Forte said there is an expectation of the ‘big red button’ that is the “ultimate containment facility in the event of an attack, and contain the threat and everything is fine.”

Forte said that when this is a reality, there is no realisation that to cut off communications for the attacker, also means that the whole business is cut off from the internet. “So all of a sudden you don’t have access to a cloud drive, you don’t have access to a lot of the things you actually need to investigate and manage the incident, and communicate,” she said.

Also presenting was Colin Topping, former CISO of Rolls Royce and now owner and consultant at Ginger Cat Cybersecurity, who said there are different controls for different sized businesses, and this leads to different conversations.

“Even if there is a big red button that you can press to contain, there are questions about that as well because it is a balance,” Forte said. “If you have a threat that you truly believe has a high risk of spreading out of your environment, then there is a potential legal responsibility to do something about that and contain it.”

Tools as Solutions

Forte said there is also a challenge of tools sold as “silver bullet solutions, that are perfect, and if we invest in them we will be fine.” 

She said: ”Think about those tools, and you’ve got a button that you press, it takes everything offline, and maybe next to that you’ve got a green button that brings everything back online. Your decision making is fundamentally different when you realise that it’s now going to take weeks to bring the infrastructure back online.”

Topping said a consideration here is the relationship between the cyber team, the IT team and the business team about what decisions to take if you’re undergoing a crisis situation. “What is the recovery time, how long is it going to take to bring any service back?”

Topping said these are scenarios that need to be considered, especially if this is the first time you’re testing it.

Also, Forte and Topping said there is a need to ensure communications are set in place, and that there are response templates that can be used.

Concluding, Topping said there needs to be preparation as "if you're responding to a crisis when your pants are on fire, it's too late." He said there needs to be an understanding built in the workplace on why response needs to be built in, and know why it is needed, and then "test it and test it again."

Forte recommended knowing what the key processes and systems are that you really need to be able to continue to operate your business, "so you can roll over to a redundant solution if it all goes wrong."

She said: "If you have that you're in a far better place to do business because ultimately, the way you survive is by keeping as much  of the business open and running as possible."

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.