How to create the best contingency plan for a cyber-attack

A theoretical contingency plan has no value. Actually, no plan is better than a bad one.

IT-crime is at its height and a lot of companies are increasing their cybersecurity budget to get ready for the worst-case scenario. According to Devoteam, many companies’ contingency plan is too theoretical, which does not work when an attack happens.

 

Full security is false security

Everyone gets hacked. There exists no 100 percent security, and the average cyber attack period is 146 days. Nevertheless, many companies still act as if complete security were normal, and not just a best-case scenario. This makes the company extra vulnerable and creates panic when an attack occurs or rather – when it is discovered.

 

The goal is not safety, but resilience

The company should work on the premise that security will be compromised at some point and that the emergency response capability must be able to handle such a situation. The strategy must focus on resilience, that is, the ability to quickly regenerate on an attack. Not only does it makes sense internally but also towards customers and other stakeholders.

The outside world does not expect an error-free company but judges the company on its ability to act under pressure, including informing customers and business partners.

 

Kill-Switch gives you time

With a Kill-Switch installed, your company can stop the malicious software from compromising your whole IT infrastructure. This gives you the time needed to asses the situation and to act on your contingency plan.

 

Read the whole article on how to create the perfect contingency plan, note that it is in Danish.