Avoiding crisis mismanagement
Every day, an eclectic range of cyber attacks take place across the UK. No two attacks are the same – they vary in nature, severity, perpetrator and victim. While criminal groups wage noisy ransomware campaigns, nations carry out more surreptitious espionage operations. Although many attacks on UK organisations are not successful, plenty unfortunately are.
The NCSC’s Incident Management (IM) team are available 24/7 to support victims responding to the most serious UK attacks. When we work with victims, we see how significant the impact is on the organisation. Technical teams are charged with managing the ongoing incident, while senior management will want an explanation of what happened and how long it will take to fix. If business operations have been disrupted, the pressure is on to swiftly resolve this. When the incident is playing out in the public domain, relationships with customers and stakeholders will be in jeopardy, and there may also be regulatory obligations or press interest to manage.
These incidents take a significant toll on the welfare of personnel within the victim organisation. Although our key contacts are generally the technical leads, we also frequently liaise with comms, legal and compliance functions as well as senior managers. Within the NCSC, we recognise that we are supporting these teams precisely at the point when they will feel at their most stretched. Incidents bring unwelcome baggage in the form of long hours, stress and persistent high levels of ambiguity. Every individual will respond differently to these stimuli. Even those that may seemingly thrive in the initial stages of a crisis risk burnout over the medium to long term if mismanaged.
Our role in supporting victims gives us a unique insight into the most effective strategies organisations can adopt to recover from cyber attacks. Instituting a sustainable plan to assure staff welfare during a crisis is a crucial, yet commonly neglected, task. It’s something we take very seriously within the NCSC ourselves. Fundamentally, if the welfare of key personnel within a victim organisation is not properly managed, it risks exacerbating the situation and undermining the response. That’s why I’m delighted my colleagues in NCSC’s Sociotechnical Security Group have developed ‘Putting staff welfare at the heart of incident response’, guidance grounded in longstanding crisis management principles, to help organisations ensure they adopt resilient models to support staff welfare during an incident.
Time dedicated towards implementing this guidance now will bring dividends should you find yourself in the unfortunate position of responding to an incident in the future. None of the victims we support have ever expressed regret at investing in their preparedness prior to an incident, but many have conveyed remorse at not having done so.
Fraser M
Incident Management Senior Leadership Team, NCSC
Original Source: ncsc[.]gov[.]uk