“What happens to Heroes?” EPISODE #6: The Unsung Heroes of the digital world by Didier Annet

Is the cyberattacks stronger than the cybersecurity? “No, stronger it is not. Quicker, easier, more seductive,”.

The Psychological Impacts of Cyberattacks

This is the sixth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”

Let’s Rewrite the Story of a Cyberattack – Alternate History of a winning scenario

“The fact is, you have to do things for the current, but also the after. You must pay attention to people’s sensibilities. Even if we’re in a period of crisis, we mustn’t just have financial objectives, catering objectives or customer recovery objectives. We have to think about the well-being of our teams, to keep as many staff as possible. There’s no point in getting the business back on its feet if everyone leaves.”

Excerpt From the Interview

My book is dedicated to encouraging companies to consider the human aspect in the context of cyber-attacks. But coaching has only been part of my professional practice for the past 4 years. For over 25 years now, my career has been centered on helping customers strengthen their data resilience. This scenario is freely inspired by one of my corporate clients …

In this episode, I will fictionize a cyberattack, but by suing what I call a winning scenario. A winning scenario is when a company consider security as a strategic priority. No discussion, security is part of the daily normality

Typical identification factor: “Right reflexes, right roles — from click to crisis”

Once upon a time, there was a company that had security in its DNA. Cyberattacks are one of the problems of the modern world, and preparing for this eventuality is a necessity. It also knows that the best is the enemy of the good, and that security requires more discipline than expertise.

This situation is beneficial for the company, which recognizes the crucial role of IT security and allocates the necessary resources to develop a robust cyber resilience strategy. This strategy is based on risk analysis. The company has developed clear and achievable security policies that balance business requirements and available resources. IT and IT security departments have sufficient resources, expertise, and equipment to detect risks, develop effective countermeasures, and prevent systems from becoming obsolete. All staff members receive customized cybersecurity training based on their job responsibilities. This training is based on a positive approach. This enables them to respond effectively to potential attacks through regular simulations. They also take a proactive and self-critical approach to assessing their own skills and processes. All levels of management participate in cyber crisis management workshops, with annual reviews and updates of the crisis plan.

This corporate vision will significantly reduce the risk of internal cyberattacks. Although no system is completely risk-free, a consistent and well-structured approach helps to reduce employee stress and anxiety, thereby promoting a positive and productive work environment. This further reduces employees’ motivation to harm the company.

In the event of an attack, it will likely be detected quickly thanks to the constant vigilance of the teams and the proactive approach of everyone involved. Well-established and consistently followed incident management protocols ensure rapid decision-making. System protection will always be the top priority. Effective crisis management, combined with a clear understanding of everyone’s responsibilities, ensures smooth and efficient internal and external communication. Even if the impact is more serious, the robust response and containment processes of a high-performing company will be triggered. After being quarantined and thoroughly examined by the emergency response team, an assessment of the environment and its readiness for production resumption is initiated, in accordance with rigorous procedures.

In the event of an emergency, a stand-alone backup version can be quickly implemented. This standard practice ensures that the process is carried out efficiently and meticulously. With detailed instructions on business operations, software applications, and their interconnections, restoration efforts will be thorough and organized.

These comprehensive measures, which include thorough planning and proactive testing, ensure a smooth resumption of business. In addition, by keeping customers and suppliers informed during this period, everyone involved can make prudent decisions.

In this case, no one is designated as a hero. Rather, cyberattack management is a top priority, deeply embedded in a culture of risk management and individual autonomy. As a result, a cyberattack is viewed as a manageable event rather than a crisis.

In this scenario, no individual is designated as a hero. Managing cyberattacks is a priority, rooted in a culture of risk-aware management and individual autonomy, making a cyberattack a manageable incident rather than a crisis.

This is a Hero-less narrative.

No Hero, no fall of the Heroes!

THINGS TO REMEMBER

In cybersecurity, it’s not if you’ll get breached — it’s when. So isolate, authenticate, replicate… and don’t forget: your backup is only as good as your last restore test.