Crisis response is like a multi-stage rocket. At each stage, another layer of the response should be triggered. This step-by-step response allows for a graduated response and a clearer definition of everyone’s roles and the schedule to adhere to.
The first challenge is to designate the individual who will trigger the crisis procedure. For IT problems, is it up to the IT manager to initiate support? Is there someone responsible for the BCP at company level, who is the only person who can trigger this plan? The BCP must clearly define the various roles, the first of which is the trigger.
Once crisis status has been triggered, various measures must be taken immediately. For example, in the event of a fire, the priority is the evacuation of staff: before saving data, people’s lives must be protected.
Once the risk has been identified, it is best to turn to the experts. Thus, if ransomware is at work with files that are being encrypted or already encrypted, external support will be needed quickly: the SOC (Security Operations Centre) will be able to provide this quick and efficient support.
The respective expert will analyse the situation, take account of any backup restoration, entrust the relevant tasks to each person involved, estimate the time required, and so on. As for those responsible for the BCP, they will need to supervise experts, maintain dialogue with them, remain on hand and communicate with management and the businesses. It is generally up to the BCP managers to define a backup site for employees when necessary, to list the necessary equipment (if the usual equipment is unavailable), and so on. In the event of a cyber-risk, the IT emergency plan (which stems from the BCP) will provide for the network, infrastructure, user support, coordination, and so on.
