Reacting to a massive cyberattack: Managing the consequences of a cyber-crisis

5 April 2023 | NEWS, Cigref in English, Press releases

Most organisations and businesses now consider cybercrime to be the greatest risk. The collective intelligence work in this report contributes to the first pillar by providing concrete details to readers so they know how to react to cyber crises. Whilst companies are generally well-equipped with crisis management procedures specific to their activities, cybercrime is a special case due to its speed, its impact and the difficulty of grasping and remedying it.

This report is also available in French.

This report covers how to manage a massive cyber crisis that can have significant consequences for the organisation’s activity, and it can serve as a practical guide to responding to a cyberattack. These consequences can impact a variety of domains, including operations, finance and brand image.

Cyber crisis management is made up of different stages that need to be clearly identified to avoid getting bogged down in the crisis. Initially, the organisation must limit the attack’s impact as best it can to prevent the crisis from spreading. It can then repair and stabilise its information system. Meanwhile, investigations can be conducted to identify the reasons for the attack and ensure that the IT environment is safe once again. In parallel to all this, it is important to consider the legal process from the start of the cyberattack since it will last long after the crisis is over.

Two crisis units are established to manage the cyber crisis: the operational unit, which for cyber crises is comprised mainly of members from IT, and the decision-making unit, which ensures the organisation’s business continuity. All stakeholders involved in managing the technical and strategic aspects of the crisis should be identified. The moment when the crisis unit is activated is also key to reacting quickly: this moment is usually set out in the business continuity plan (BCP) and depends largely on the consequences for all the business units that use IT.

Beyond the technical aspects – diagnosing the attack and repairing the IT – communication is important to avoid a crisis within a crisis. A communication process that forgoes the organisation’s IT system needs to be set up to maintain internal communications. Secondly, all stakeholders within the organisation, the ecosystem and potentially the media need to be considered in the messaging.

A cyber crisis often leads to a legal process as well, which requires the IT department to coordinate with the legal department. If there is a personal data leak, the CNIL must be notified immediately. It is also important to notify your cyber insurance company as soon as possible. Evidence of the attack should also be preserved to provide significant proof for the proceedings.

External service providers are often needed to reinforce in-house teams so they can benefit from expertise that is lacking internally. ANSSI can be an ally on several fronts when managing a cyber crisis.

The longer the crisis lasts, the more overworked the IT teams will be. It is important to make life easier for the teams by managing the logistical aspects as well as possible, without forgetting to allow time for rest, even for the most essential and motivated employees. When the crisis ends, the legal process must be followed carefully, because it can still last several months. This is often a chance for the IT department to improve its security.
