In the heat of the crisis … The third edition of Orange Cyberdefense Live was all about cyber crisis management. Because when a cyber incident occurs – and we should always assume it will – the right plan and preparation can ensure that your organization remains resilient.
About 300 Orange Cyberdefense customers listened to insights from experts and stories from peers. Below, you will find the six key takeaways of Simen Van der Perre, Strategic Advisor at Orange Cyberdefense Belgium.
1) Proper preparation turns cyber crisis management into a standard procedure
Practice makes perfect. This also applies to cyber crisis management. Kirk Kinnell, the former Head of Hostage Negotiation and Armed Policing in Scotland, made a comparison between hostage situations and cyber-attacks. He explained how the right preparation and understanding can turn the biggest crisis into a standard procedure. Be sure to have a plan and take time to practice crisis situations.
2) Testing realistic scenarios is the best cyber crisis management training
How can you practice those crisis situations? Orange Cyberdefense experts Etienne Verhasselt and Koen Vanderloock see value in ethical hacking. Not just penetration testing, but more in-depth red team exercises that help organizations understand how threat actors operate. These tests focus on all the tools in the cybercriminal’s box and check your organization’s vulnerability.
3) The key factors of cyber crisis management: prioritizing, rebuilding and communicating
Prior to the event, visitors could submit questions on how to handle cyber crisis management. Orange Cyberdefense consultants Jan De Bondt and Steven De Munter summarized the answers with three factors that are essential in any strategy. First, in a cyber crisis, you need to prioritize by understanding what happened. What is the impact? Who makes the decisions? What has the highest priority?
Next, you start rebuilding, which can be a challenge in the case of a ransomware attack. And finally, you need to communicate about the attack. Share information with your customers and partners, as well as with the authorities and, if necessary, the privacy commission.
4) We need to cooperate and be transparent about cyber-attacks
Communication is an essential pillar in cyber crisis management. At Orange Cyberdefense Live, the City of Genk’s Chief Digital Officer, Stijn Schepers, explained that his city was on the same list of targets as Antwerp some time ago. He talked about how Genk was able to secure its systems. His key message? Know what you have, otherwise you cannot protect it. But he also called for more cooperation and openness when it comes to cybercrime.
5) Focus on awareness and integrate cybersecurity into your culture
How can we increase awareness and create a culture change in dealing with cybersecurity? This was probably the most discussed topic during the event. One of the more striking testimonials at Orange Cyberdefense Live was shared by Ivo Jacobs, Managing Director of H.H. Hospital of Mol. About two years ago, his hospital was hit by a cyber-attack that left surgeons unable to operate on patients for two days and kept digital systems down for a week.
The hospital has now enhanced its security strategy with the implementation of Zero Trust. Even after two years, they still experience the consequences of the attack. According to Jacobs, security awareness among his staff has no longer been an issue since the attack. Moreover, he took the advice of his IT Director who told him that investing in a Security Operations Center (SOC) is more valuable than any cyber insurance.
6) Think about what might happen in the future
No cybersecurity event can be complete without a keynote on AI. Jan Aril Sigvartsen, Senior Executive Advisor at Orange Business Norway, explained how generative AI can be used to exploit vulnerabilities. He also reflected on the future and how AI could infiltrate an organization, even if all the right security measures are in place. His advice? We need to think about scenarios that might not be possible today, but will occur in the future.
Orange Cyberdefense Live 2023 was a great opportunity to network, connect with peers, get inspired, and share experiences with cyber crisis management. If you were not able to attend this year’s event, be sure to add the 2024 edition to your agenda. We’ll keep you posted…