Currently, most crisis management plans are not prepared for acts of cyber warfare. Characteristics unique to these attacks render different consequences unto an organization and an effective plan requires different steps and partners.
Gartner research has ways to formulate an initial crisis plan. CISOs need to explicitly talk about the possibility of a cyber attack and create a crisis plan specifically for that event.
If you operate your own infrastructure, and you have predefined procedures for securing your infrastructure interfaces during times when cyber-attacks are likely, a suggestion is you bump your posture up a level before going home today. If you don't have such procedures, suggest you get busy figuring out what they should be. Basically, this involves cutting non-tactical connections, isolating systems that don't absolutely need to be connected, reducing or eliminating remote access, and possibly adding staff to manage the system better. You can re-evaluate the situation after the immediate threat subsides.
Gartner has many resources to aid in your preparedness - receive a complimentary copy of our ‘How to Prepare for Cyber Warfare” research. Please reach out to:
Susan Buytenhuys, Gartner State of CA - Managing Client Director
916.281.5145 - Susan.Buytenhuys@gartner.com
to discuss your specific situation and how you can best be prepared.
Suggested Reference Information and supportive details:
- US DHS bulletin published
- The mourning period for the Iranian general ends shortly and we should expect some activity to commence
- Monitor your ISAC if you are a member for activity and advice
- Given the current state of affairs, it is probably worth reviewing the TTPs for known Iranian groups. A good review source is the MITRE ATT&CK framework reports:
