
Alternit One’s Cyber Attack Scenario – How to Limit Your Risk Profile (Part 2)

Writer: Carrie Whamond

Updated: Nov 18, 2024

By Carrie Whamond, Founding Partner at Alternit One


Part 1 of this series explored the first signs of a cyberattack and the initial responses to contain the threat. From reviewing business continuity plans to breaking Single Sign-On (SSO) connections, these early steps are crucial in limiting the damage a cyberattack can cause to a firm. This part of the series dives deeper into the later stages of a cyberattack scenario, including managing external impacts and implementing post-incident remediation.



Phase Three: External Impact


In the third phase of the cyberattack simulation, the situation escalated when clients and suppliers started to receive suspicious emails from the firm’s CEO. This introduced a new layer of complexity—one that is often the hardest to manage: public relations and external communication.


Handling the external impact of a cyberattack requires a delicate balance between transparency and containment. The participants in the workshop discussed the following actions:


  • Investigating the source of the malicious emails and issuing a public statement advising clients and partners not to open any attachments.

  • Working with PR and legal teams to prepare formal declarations for the Information Commissioner’s Office (ICO) and financial regulators, outlining the breach and actions taken.

  • Ensuring clear communication to all stakeholders about the nature of the attack and what was being done to mitigate further risk.

  • Ensuring that all client and partner contact details remain accessible in a BCP/IRP situation (business continuity plan / incident response plan).


At this stage, it is critical to act swiftly and responsibly. A poorly managed response can damage a firm’s reputation and erode client trust.



Learning the Lessons: Post-Incident Remediation


Once the firm’s IT service provider managed to regain access to the Microsoft 365 environment—30 hours later—the next focus in the simulation was on remediation to prevent future attacks. Participants emphasised the importance of not only cleaning up the breach but also implementing stronger defences moving forward.

Key remediation steps included:


  • Changing all passwords and upgrading multi-factor authentication (MFA) protocols.

  • Conducting thorough cyber training for staff, particularly focused on recognising phishing attempts.

  • Implementing Conditional Access Controls, allowing only trusted locations to access the firm’s systems.

  • Performing a full security policy review and monitoring for further suspicious activity.
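The Conditional Access step above is the one item in this list that maps directly onto a concrete control in Microsoft 365. As an added illustration (not code from the article or from Alternit One), the following Microsoft Graph PowerShell snippet creates an Entra ID Conditional Access policy that blocks sign-ins from any location not marked as trusted. It assumes the Microsoft Graph PowerShell SDK is installed, that the firm’s office IP ranges have already been defined as trusted named locations, and uses a placeholder GUID for the break-glass account.

```powershell
# Added example: block sign-in from untrusted locations with Conditional Access.
# Requires the Microsoft.Graph.Identity.SignIns module and an administrator
# account that can consent to the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder: object ID of the firm's emergency-access (break-glass) account.
# Always exclude it so a mistaken policy cannot lock every administrator out.
$breakGlassAccountId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Block access from untrusted locations"
    # Start in report-only mode: the policy is evaluated and its outcome is
    # written to the sign-in logs, but nothing is blocked yet. Switch the
    # state to "enabled" only after reviewing which sign-ins it would affect.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassAccountId)
        }
        applications = @{
            includeApplications = @("All")
        }
        locations    = @{
            includeLocations = @("All")
            # "AllTrusted" covers every named location flagged as trusted
            # (for example the firm's office egress IP ranges).
            excludeLocations = @("AllTrusted")
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Two practical points follow from the scenario in this article. First, a location-based policy complements MFA rather than replacing it: an attacker who has already phished credentials and an MFA prompt, as in this simulation, is stopped by the location check only if they are not coming from a trusted range, so the two controls should be layered. Second, the report-only phase matters because staff working from home or travelling will show up in the sign-in logs as affected users, and the firm needs a decision (additional named locations, compliant-device requirements, or an exception process) before the policy is enforced.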


For COOs, ensuring the team learns from the incident and tightens the organisation’s cybersecurity is essential. The worst mistake a firm can make is to return to business as usual without upgrading their defences.



Key Takeaways for COOs and Leaders


The interactive nature of this session highlighted several critical lessons for COOs and other business leaders. Here are the main takeaways:


  1. Incident Response Plans are essential: Regularly reviewing and updating IRPs is key to ensuring an organisation can react swiftly and effectively in the event of a cyberattack.

  2. Communication is critical: Clear internal and external communication channels are vital when responding to an attack. Firms should ensure they have alternative methods in place, and that roles and responsibilities are well understood in advance.

  3. Be prepared for temporary regulatory breaches: In the short term, ensuring business continuity may require breaking normal security protocols, such as allowing staff to use personal devices. It’s important to document these decisions and remediate them as soon as possible.

  4. Cybersecurity training is non-negotiable: One of the easiest ways for hackers to gain access is through human error. Ongoing staff training on phishing and cybersecurity best practices is essential to protecting an organisation.

  5. Work closely with the firm’s IT provider: A strong relationship with the firm’s IT service provider is essential. Ensure they are both proactive in managing the business’s environment and capable of responding swiftly to incidents.


Cyberattacks can seem like an inevitable risk in today’s digital world, but with the right preparation, their impact can be minimised. This two-part series has highlighted the real-world strategies that COOs and leaders can implement to respond effectively to an attack. By learning from these simulated scenarios and applying the lessons, firms can significantly reduce the risk and impact of future attacks.
