Back to resources
Crisis Management: How Organizations Can Improve Responses and Outcomes
October 2021 / 2 min. read /
Understanding Crisis Management
An organization’s ability to understand, strategize, and respond to a crisis is critical.
After all, this is the moment when a team’s strengths and weaknesses are laid bare. If employees lack the skills needed to resolve the crisis, the situation will likely worsen. If the team does not have a remediation plan, or a strategy with which to address potentially difficult scenarios, business operations could grind to a halt. Mistakes are made; reputations are harmed. Time and money is lost.
Every organization knows that mitigating crises is part of the journey. But too often we lack the appropriate resources and direction to proceed to our desired outcomes. To help organizations prepare for these challenges, CIO Dive published “The Water Cooler: How 5 Execs Operate Under Crisis” last week. It’s a practical and insightful guide that includes advice from IT and cloud security leaders, including Britive’s Head of Security, Harry Wan.
Read Harry’s comments below, and be sure to check out the rest of the article on CIO Dive. It’s a must-read for teams intent on managing crises and finding opportunities in lessons learned.
In a previous role, I was a vendor that was part of a larger team responding to repeated and persistent credential stuffing attacks. The weakness I experienced as part of this team and in post-mortems of the event were: Lack of expertise in diagnosing the path the attacker was taking to accomplish the attack. Lack of authority of the security team to effect proactive protection. We recommended specific firewall changes that were not implemented, and the recommended change would have prevented a subsequent attack. Involvement of executives, on both the vendor side and the customer side, only after significant damage was done to the customer and to our relationship with the customer. At Britive, we've performed a tabletop exercise involving all our top executives with regards to business continuity and threat response, as part of our ongoing SOC certification. Having such an exercise attended by the entire executive team contrasts with my last experience and helps us work out roles and responsibilities proactively making our communication more effective.