Services / Defense Strategy

Crisis Preparedness

Strategically & tactically prepare for key attack scenarios ahead of the curve.

The Challenge

Establishing Executive Level Understanding & Preparing for Key Attack Scenarios

From a crisis preparation standpoint, it is crucial to establish a common understanding among members of the leadership team of which key attack scenarios the company needs to prepare for ahead of time. The key is to outline tangible, realistic attack scenarios that are likely to occur. Attack scenarios can be overlaid with existing and required defense capabilities to evaluate the company's ability to self-protect, detect exploitation, respond to breaches and recover from them.

Designing Operational Incident Response Processes

On a process level, it is of the highest importance to have functioning workflows. An inability of executives, operations and incident response teams to take determined, decisive action enables the attacker to take advantage of the situation and win. Functioning workflows must be simple and lightweight in nature: delineated responsibilities, technical IR playbooks, streamlined communication.

Building Technical Detection & Response Capabilities

The ability to react to security breaches is heavily dependent on technological capabilities. Without appropriate XDR capabilities, it becomes next to impossible to contain the situation and determine key facts such as timeline, root cause, point of entry and overall impact. Hence, one of the main challenges in preparing for a crisis is to understand what infrastructure is necessary and to build it ahead of time.

Strategic Communication

Communication is an essential part of crisis management. During a crisis, multiple communication threads have to be streamlined and strategically aligned with one another, requiring tactics and methods to ensure a positive outcome for the company. Example threads include:

  • Communication with the Adversary, such as during extortion and ransom threats
  • Communication with Authorities such as Law Enforcement and Data Protection Authorities
  • Communication within the Organization
  • Communication with the Public, such as Media and Customers

Delivery Process

Overview
Establishing Context & Incident History

The beginning phase is an initial assessment of existing experience in dealing with crisis situations, a recap of previous incidents and other specific areas of concern. Further, we will examine what detection and response capabilities are in place to gauge the current maturity state.

Identifying & Evaluating Key Attack Scenarios

The second phase is about identifying and evaluating business relevant, high-impact attack scenarios that are crucial for leadership and operations teams to understand and build up resilience for. Our teams will develop bespoke attack vectors targeting main business processes and critical data assets, both from the perspective of insider threats as well as external threat actors.

Outlining Target XDR Capabilities

From a strategic management perspective it is vital to understand which specific XDR capabilities are important to prevent breaches. The third phase will focus on the strategic underpinnings of those capabilities and suggest what needs to be done to reach the target point.

Outlining Target Incident Response Processes

Equally important as technological support is the right framework of operational processes and workflows. The fourth phase will focus on outlining what is required for rapid decision making, crisis containment and eradication.

Optional: Reinforcement through Tabletop Exercises

As an optional phase, tabletop exercises can be conducted for bespoke crisis scenarios. These simulations serve multiple purposes: reinforcing and discussing the actions that would be taken in a particular crisis situation, sharpening the understanding of roles and responsibilities, testing communication strategies and improving operational efficiency.

Tabletop exercises are run from the viewing angle of distinct audience groups, primarily executives and leadership teams as well as operational security defense teams.
