A recently released report from Gartner, Prepare for and Respond to a Business Disruption After an Aggressive Cyberattack, calls into question the common conception of a cyber attack. Executives and others in charge of response plans often assume that an attack will be easy to define and easy to contain. An attack is often seen as a one-time assault rather than a long time but as “a messy, chaotic and long-term event.”
Consider these factors, says Gartner, before you dismiss a cyber attack as a pesky business interruption.
You may not be able to trust the results of your investigation, because attackers often cover up their tracks.
You may still be struggling to stamp it out after weeks or months.
Count on the attackers coming back until they get what they came for—whatever that is, and whatever they look like.
You may not know the true target of the attack, or the reason it was carried out, for months afterward.
Internal and external pressure. Stakeholders and staff may come to see you as incompetent if you can’t quickly snuff out the danger, despite the fact that you have only the same resources at your command as everyone else.
Expect difficult questions from auditors, regulators and the C-suite.
Which laws and regulations or reporting requirements will you have to comply with during the attack?
Customer, employee and other concerns. Will you be able to service customers while the attack is ongoing? Pay your workforce and vendors? What will the impact be on other stakeholders, such as investors?
Above all, you’ll have an incredible amount of information to track—and you’ll have to rely on the expertise of many people who’ve never dealt with this kind of situation before.