A cyber incident will happen. Plan and prepare accordingly!
There are two phases in a cyber incident that influence the duration and impact. First there is of course the type of attack and how sophisticated it is. Although we must do everything possible to prevent a cyber incident, it is hardly possible to guarantee that no cyber incident will happen, so we have to assume that it will at some point in time.
That brings us to the second phase which takes place long before the cyber incident itself. The preparation! Research shows that the quality of preparation is either essential in reducing the impact and damages of a cyber incident, or a catalyst that escalates the impact far beyond its original scale.
Organizations tend to struggle with simple things. Like for example no longer having access to the disaster recovery plan when the entire data and infrastructure is unavailable in a ransomware. Others come to the conclusion that they have a good backup of data, but lack all settings and profiles which gives them no other option than to rebuild everything from scratch. What is lacking in most cases is a regular “battle test” of the incident response and disaster recovery planning.
The goal is not just to have a plan, but to know that the plan covers at least 99% of the necessary steps. A cyber incident will happen. Plan and prepare accordingly!
Dr. ir Johannes Drooghaag