Communicating during a cyber attack

Neil Conchie
May 28, 2021 2:52 PM

We have all seen in the news recently that cybercrime and cyber attacks are on the rise globally with the potential to be hugely damaging to any business or organisation. If the worst were to happen, how would you respond?

 There are various steps to be taken when a cyber incident occurs to ensure that the attack is contained, mitigated, and resolved and there are very points at which you should communicate with various people and agencies.

The first stage in dealing with a cyber incident is to triage and assess the impact of the incident. Once you have ascertained that an incident is in progress and it’s not a false positive you should start your cyber incident response process. At this point, you should consider communicating with your employees, especially if you suspect the attack may be spreading through a central system or could be exacerbated by people accessing or using the system.

Depending on how the attack is affecting your systems, the communication you send might be different but Klaxon will be able to facilitate your needs.

If you are having trouble ascertaining just how deeply affected your system is, you might send out a communication inviting a response from your team to see how many people are affected. Sending this type of communication is easy with Klaxon, and you can see all the responses from your team in one dashboard, and even retarget those who have not responded with a further notification.

If you know how the attack is affecting your system, your communication may be to inform your employees of which systems are down or need to come offline to further protect your infrastructure.

Once you have triaged your incident, you will need to decide who you need to escalate the incident to. For high priority or critical incidents, you will likely need to escalate the incident to your board or CIO level whereas a low priority incident could perhaps be dealt with by your own IT service desk team.

The Klaxon platform allows you to send messages to your users based on subscription group, so you can quickly and easily send your communications only to those who need it leaving your team free to deal with the incident itself.

From here, it can be easy to lose track of time and whether updates need to be sent as your team work to restore services and mitigate the risks associated with the incident. The Klaxon platform has you covered here too! You can easily set reminders for when updates should be issued on the incident to all users, or all users affected ensuring that no critical updates are missed.

Alongside incident update reminders, the platform also includes a dashboard that will allow all of your users to access a single point of truth throughout the whole process. The dashboard includes all of the updates provided as well as any expected update times so that all users are kept informed, safe and productive throughout.

The next steps in your incident response are to analyse the incident which includes everything from technical analyses and looking at reactions in a wider setting such as on social media. The aim here is to understand enough about the attack to contain and mitigate the attack.

Once you understand enough about the attack, and you are sure that it is safe to do so, you can move fully into containing and mitigating the attack both from a technical systems point of view and non-technical such as communicating with the media or external organisations who are involved in the response. It is worth noting that an attacker could be reactive to your response and bury themselves deeper, so some degree of analysis must continue.

The next stage of the response from here should be to remediate and fully eradicate the threat from your systems and network, and to confirm that the threat has been fully removed. This may require more analysis to ensure that there are no remnants of the attack left within the systems or network.

The final stage of the response is to recover, the clean systems can be put online and business as usual can return whilst the final actions to handle any regulatory, legal, or PR issues are resolved.

Communicating with your staff throughout the incident can be made much easier with the Klaxon platform, from reminders about incident updates to the fast and easy way you can get your messages out to those affected.

But what happens after the incident? You must take the time to learn from the incident and put new or amended procedures in place to reduce the chances of an incident happening again in the future. Once again, the Klaxon app can be used to collect feedback from your users and to communicate new procedures and policies effectively.

Have you ever experienced a cyber attack or incident? How did you handle your communications?

If you’d like to see how Klaxon can help you communicate through a cyber incident, why not book a demo?