Cyber threats have increased and become widespread, powerful and aimed at businesses of all sizes and fields of activity. A cyber incident is a painful event by any measure.
A cyber incident, like any emergency, is a complex situation for the company, and any employee, senior manager or technical person who takes part in the incident may have a dramatic effect on how it ends.
The incident can expose the organization to legal problems arising not only from the cyber incident itself, but also from the way the company responded to the incident and managed it in practice.
Therefore, more than ever, company management has a decisive role in managing the incident through its various stages: the decision-making process, the division of responsibilities, understanding the powers of internal and external parties, the implications of paying or not paying a ransom, the obligation to report to law enforcement agencies, and so on.
The goal:
To improve management's ability to deal with a cyber incident by implementing an incident management methodology developed at Strauss Strategy. The methodology includes providing tools, making information accessible to the company's management, and an outline of conduct for the relevant parties, which also covers training and regular management exercises. The main goal is to shorten the decision-making time window and improve the recovery times of the organization's business activity.
This activity makes it possible, ahead of time, to:
- Improve awareness and readiness to deal with cyber threats across the various teams
- Define the division of responsibilities among all management elements for how they work and conduct themselves during the incident
- Coordinate the various processes for dealing with a cyber incident in a user-friendly format
- Improve integration and cooperation between the different parties in a cyber incident
- Prepare envelopes, sources of information, agreements and required documents
Key steps:
1. Incident management concept: We believe that managing an emergency incident at the management level requires an advanced management concept, one that characterizes and defines the structure of the teams, the various parties involved in managing the incident, and the reporting interfaces to parties inside and outside the organization.
2. Preparation of a Playbook for managing the stages of the incident: defining the management tasks and the decisions that must be made at each stage of the life cycle of the cyber incident, and defining who approves and who executes each task.
3. Blank forms, documents, sources of information and agreements: Naturally, in a cyber incident, the pressure on the officials and the organization is great, and every minute that passes increases the risk. Preparing the relevant information in advance will significantly reduce the time and pressure on the various parties. This includes preparing notices for mailing information, forms for collecting and transferring information, lists and sources of information required for managing the incident, agreements with required parties such as a negotiation expert, legal evaluations with law enforcement agencies, establishing an infrastructure for payment in digital currencies…
4. Definition of positions and responsibilities: a clear definition of the responsibilities of each technical management element in the various stages of the incident (CEO, operations, information technologies, finance, legal, spokespersons, marketing, sales, human resources…).
5. An operational file for work without a functioning computer system: one of the main assumptions is that a cyber incident, unlike traditional emergency incidents, can disable the organization's activity and computer system for a time ranging from days to weeks, and in extreme cases even for two months. Strauss Strategy has developed a unique methodology on the subject, which contains an emergency file, tools, envelopes and critical information that will allow the organization to function at a basic level even without computer systems.
6. Continuous improvement and practice for a cyber incident: Assessing and improving awareness of cyber incidents at the management level is a process that must be carried out regularly in every organization. Strauss Strategy consultants and experts work closely with the managers of the organization and carry out trainings, exercises and simulations based on the portfolio that has been built.
Strauss Strategy’s team of experts: Our cyber team consists of experts in many varied fields, who have rich practical experience in preparing organizations for emergency events.
Together we will build a more protected and safer future.