A look back at 3 cybersecurity crises

Podcast with Joël Olivier

‍

Joël Olivier, a member of the Infortive Community, shares his experience of cyber crises with us.

Listen to this episode and Jpël's advice and tips to update your knowledge of the attacker ecosystem, from Sunday hacker to state hacker, and better understand the key role of a Transition CIO at the heart of cybersecurity crises and emergencies.

‍Good listening!

‍

What are the best practices of a Transition CIO faced with a security crisis?

Before a cyber crisis: anticipate it well

• ‍Tobe able to communicate during the crisis: create an alternative communication channel via a network separate from the active directory and the information system (e.g. Signal loop, Wired, Telegram, Whatsapp...).
• ‍Externalizekey documents for crisis management: externalize part of the crisis management documents on a cloud not connected to the information system, including the contact directory.
• ‍Prepareyour address book of experts: locate the right crisis management experts to build up an address book. It's important to have a team ready, made up of a good dozen experts with whom you've already worked. ‍
• Carry out "Pen tests" regularly: launch penetration tests every year, varying the service providers. The recommended cost range is €20-250,000. Joël Olivier's experience underlines the fact that a prior relationship of trust between the key players is fundamental to dealing with a crisis.

During the Depression

• ‍Themanager takes the stress: "A basic rule, the manager takes the stress. The more stress you take, the less stress your teams take, the better they'll work. It's our role as managers to take the pressure." Teams are exposed to extraordinary levels of tension and fatigue. No need to add tension.‍
• Manage the crisis in pairs: "Whenever possible, intervene preferably in pairs. This allows us to take a step back, we need to exchange ideas!"‍
• Pay ransoms sometimes: without promoting it, it may be necessary to pay a ransom in certain situations. Finally, "Don't necessarily try to clean/repair everything": it may be more efficient to rebuild rather than clean/repair everything. This operation requires you to run at least three different antivirus programs.

After the Crisis

• ‍Rest: It's important to manage post-crisis rest. Teams can be exhausted after a period of high adrenaline. It is therefore advisable to give them time to rest. It's also important to prepare for the return to a normal "non-crisis" state of mind.‍
• Returning to normal life: "In a crisis, your state of mind changes, and almost anything goes. You'll have to return to normal functioning, with follow-up meetings, schedules, committees...etc. It turns out that the more intense the crisis, the more difficult it is to get back into the right frame of mind, because of the adrenalin crash." The transition can be difficult after an intense crisis.

To conclude, Joël Olivier uses the famous quote attributed to Winston Churchill: "Never waste a good crisis".. He advises us to take advantage of the short shockwave generated by the crisis to commit credit lines that are open for a limited time.