The specificities of cyber crises

Compared to other crisis scenarios that may require the activation of a DRP, cyber crises have their own characteristics:

  • Immediate impacts (stopping certain activities, inability to deliver services, etc.).
  • Uncertainties regarding the scope of the compromise.
  • Complexity in deciding what can be restarted in DRP mode or not, and in what order, this being related to:
    • The vector of the attack: is it a worm, a ransomware controlled from outside, etc.
    • A potential spread to other organizations due to the interconnection of IT systems.

Why Cyber Crisis Tests

The French Agency for the Security of Information Systemsstates in the introduction of its guide on organizing a cyber-origin crisis management exercise:

“Facing an ever-growing and evolving cyber threat, improving digital resilience through cyber crisis management training is no longer just an opportunity but a necessity for all organizations.” 1

Cyber risk is among the top 2 risks that businesses face. However, organizing such an exercise remains a difficult equation to solve, especially in the context of SMEs and small entities that do not have the means to organize it simply.

Experience shows that certain elements allow better management of a cyber crisis such as:

  • Simulating and testing the crisis unit’s skills on aspects through exercises:
    • decision-making, tactical, and operational aspects
  • Having an outsourced contact list and cyber crisis test organizations
  • Having a policy for retaining application and network logs/logs

The Specific Context of Nuabee

Nuabee has developed its cyber resilience solutions to offer businesses and organizations the ability to have cyber resilience solutions ranging from outsourced backup to a DRP solution tested every 6 months.

But we at Nuabee are aware that in a Cyber crisis context, it’s not just about pressing the DRP activation button (as is the case in a more traditional crisis context: datacenter unavailability or destruction, …), many additional elements must be taken into account:

  • Which servers are compromised?
  • What is the strategy to contain the risk?
  • How to collect and process evidence of the cyber attack?
  • How to restart the affected servers?
  • What post-incident modifications need to be made?

In a cyber crisis context, if clients have developed this cyber crisis management skill through UCyber tests, our Nuabee solution will be all the more effective.

Nuabee's contact

65, rue Hénon
69004 Lyon - France
Contact Us - Homepage top right - OK