No doubt, we do have deployed and sustained protection as counter-measure against cyber threats. However, the cyber threat landscape is always evolving – new trick, zero-day exploit, Advanced Persistent Threat (APT) are there and we don’t know what we don’t know.
In this regard, we must assume our system or infrastructure shall be compromised. It is just a matter at what time this happens.
To deal with the worst scenario, we have to get well prepared beforehand. Things like:
- Establish directive to trade off between service resumption or digital evidence preservation
- Determine dependency of resuming service in alternate facility though in degraded level
- Streamline philosophy of containment to minimize damage due to cyber attack
- Maintain contact info as well as reliable and trusted communication channel among key personnel during emergency situation
- Prepare Line-To-Take templates to simplify the job for PR
Most importantly,
- Human safety and environment protection should be the first priority
- Regular drill to validate the readiness and find ways to improve