Crisis unit dedicated to cyberattacks: How to set it up to be effective.

Crisis unit, dedicated to cyberattacks, how to set it up, so that it can be effective. A cybersecurity incident can refer to a malware infection, password attack, phishing and more.

Cyber-crisis, on the other hand, refers to any more serious cybersecurity incident that is likely to cause significant financial loss or damage to a company’s reputation and therefore seriously damage it.

But despite their seriousness, the consequences of a cyber-crisis can still be hidden.

To deal with a cyber crisis situation, you need to set up a crisis unit that is able to organize itself properly and make the right decisions as soon as possible.

Crisis unit, dedicated to cyberattacks, how to set it up, so that it can be effective. We tell you everything in this article, to be better!

What is a cybersecurity crisis?

What is a cybersecurity crisis? In other words, it is an attack that targets the IT infrastructure and is large enough to seriously disrupt the organization. The National Information Systems Security Agency (ANSSI) defines it as “the immediate and significant disruption to the day-to-day operations of an organization (stoppage of activities, impossibility of delivering services, legal proceedings, significant financial losses , in reputation, etc. .) due to one or more attacks targeting its services, its IT infrastructure or its digital tools”.

Because of their massive impact, cyber crises cannot be dealt with by standard processes and within the framework of normal organizational functioning. Hence the establishment of an effective crisis unit to deal with it!

In fact, it’s almost impossible to protect the company 100% against cyberattacks, but you can create an effective incident response plan that tells your IT team how to respond to an attack.


Crisis unit: definition

The Crisis Cell is a central location where operations and control are carried out in all phases of crisis management operations, such as information, support, rehabilitation, logistics, communication, general services, standards and more.

In this area, which by the way can be thrown away from the crisis area, very equipped and full of multidisciplinary professionals and experts whose information is analyzed and centralized, whose risks and their evolution are analyzed, whose decisions are taken and also that the management of emergency assistance and interventions are made.

Its purpose is simple: to solve problems related to sensitive or critical situations, to manage current crises, in other words to reduce their potential impact, and it is to be successful that it is important to prepare well for early as soon as possible.

The composition of an effective crisis unit

Typically the members of the crisis management team are human resources managers, department heads, senior managers, public relations representatives, communications and marketing managers, key operations personnel and project managers. site.

But there must also be lawyers, insurers, experts in this group about the situation (cybersecurity and IT experts in our case) and sometimes one or several representatives of public authorities if necessary. .

Additionally, consider recruiting members who excel in information technology, risk/security, facilities, products, or sales.

A prevailing rule in the selection of members is to limit the number of speakers. Otherwise, discussions, debates and decision-making risk being prolonged. However, for organizations that think they need help, they are advised to call in outside experts, such as crisis management consultants or crisis communication professionals.

An experienced and smart cyber crisis manager to lead the whole team!

The crisis unit needs members with experience in several areas, but also a good leader who specializes in all aspects of cyber crisis management. This includes mastering the crisis management process (analysis of organizational risks and vulnerabilities, planning various crisis situations and strategies to reduce or eliminate their effects, developing a management plan of the crisis that sees potential crises, the implementation of the crisis management plan. , etc.), mastery of the organization of a crisis unit (upstream of the crisis, when the crisis is over) or even skill on crisis management tools.

Leadership qualities are important to crisis managers. In particular, they must have the ability to deal with uncertainty and be immune to all kinds of stress and overwork. This will allow them to find a better solution to the crisis despite the difficulties the team faces and the size of the stakes.

In addition, a good crisis manager must also have a sense of listening and communication, must be courageous, patient, have empathy for your team or know how to cultivate teamwork.

Be aware that the organization of a crisis unit is well underway before a crisis arises. Moreover, it cannot be improvised, but responds to very specific procedures that the crisis manager must follow to the letter.

Here’s what you need to do in concrete terms to set up a crisis unit. Note that the process that follows is based on the example of a cybersecurity crisis. So it is not suitable for other types of crisis.


Create a cyber risk map. To do this, you must start by identifying the main activities of your computer system and network as well as the main IT assets. After that, identify the threats and risks that your IT infrastructure and IT assets or even your users or customers may face.

The next step is to assess the impact of each of the identified risks and threats. Finally, supported by the appropriate software solutions, all you need to do is identify the steps to put in place to identify these cyber risks before they happen, as well as the ways to minimize their impact.

Composition of the Crisis Unit

Composition of the risk management team considering the cyber risk mapping phase. Having identified the risks, their potential impacts as well as ways to control them or at least limit the impacts identified, as the crisis manager you must now come down to choosing each of the crisis management members with the necessary skills.

The selection of members of the crisis unit should clearly take into account the potential threats identified during the mapping. So, if for example, the risk of a denial of service attack is very high, it is therefore necessary to include in the team an information systems security manager (RSSI) who can fully master this particular type of cyberattack.

Explanatory guide to THE CRISIS Unit (Manual)

You will need to create a crisis guide. The guide should include everything, such as crisis management procedures, the tools used in each phase of crisis management and the role, identity and detailed responsibilities of each member of the crisis cell.

The more details you provide, the better the crisis can be managed, sometimes some managers in the briefing guide include important materials that need to be reviewed periodically

Computer, printer, fax, telephone, + the list of all useful numbers, including those in the management of the entity.

As a general rule, the guide should specify the detailed development of the integral management of the cell of cries, sometimes including up to a prison if necessary.

It is recommended to indicate all corrective and reconstruction operations in order to plan the resumption of activity as soon as possible.

There are actions that cannot be invented and it is better to think in advance.


In general, here’s what you should do when a major IT incident begins to seriously disrupt your business operations:

Alert those responsible first.

An alert system in place informs the observer of the situation. In the case of a cyberattack, this is usually a technician. In turn, the latter will inform the coordinator of the crisis unit, which is generally the IT Director.

Gather all those responsible, in a suitable room.

The various members of the crisis management team meet and equip themselves with all the tools necessary to set up the crisis unit. They must refer to the table of responsibilities, the crisis management plan and act to control the effects of the crisis.

Each tool has its own role in cyber crisis management

Each stage of crisis management is supported by specific tools. In particular, you will need suitable tools for:

  • Detect computer attacks in real time 24/7;
  • Identify vulnerabilities in your IT infrastructure that could be exploited by attackers;
  • Escalate incidents to IT security managers;
  • Communicate quickly and easily with all members of the crisis unit;
  • Share files and other types of data across the crisis management team;
  • Secure and make communications private to prevent outsiders from learning about the crisis, which could damage your reputation;
  • Alert the masses.

Crisis Staff Conclusion

All advice is good to do, but consultants are not the ones who pay, the best advice we can give you is to get a suitable software for this and its effectiveness has been proven, we indicate one to you: MEMOGuard V5 of Clever Technologies

Once the crisis is identified, you will need to analyze it and figure out how to react properly, but in order to react properly you must first have prepared everything you will need for it.

And a good management software, with on-call management is an absolute necessity, because everything will be detailed there, including communication modes, to the outside world and you won’t forget anything.

Take a test for free now, prepare yourself in advance to do well and don’t forget anything, a simple request and it will be fixed. .60.53

Author Antonio Rodriguez Mota Publisher and Director of Clever Technologies

To know more about the management of crisis cells:

Leave a Reply

Your email address will not be published. Required fields are marked *