KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Unlock the power of industry-leading insights and expertise. Gain access to our extensive knowledge base, vibrant community, and tailored analyst sessions—all designed to keep you at the forefront of identity security.
Get instant access to our complete research library.
Access essential knowledge at your fingertips with KuppingerCole's extensive resources. From in-depth reports to concise one-pagers, leverage our complete security library to inform strategy and drive innovation.
Get instant access to our complete research library.
Gain access to comprehensive resources, personalized analyst consultations, and exclusive events – all designed to enhance your decision-making capabilities and industry connections.
Get instant access to our complete research library.
Gain a true partner to drive transformative initiatives. Access comprehensive resources, tailored expert guidance, and networking opportunities.
Get instant access to our complete research library.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
I tell you a little bit today about how a company feels when it, when it's a victim of a, of a cyber tech I have done in the career of Mabu cyber attacks twice. So we hit it two years ago and we have the next one had this year. And we speak a little about a bit that, how it feels and how it works in a cyber attack. You see a lot in the press that the club of victims of cyber attacks are increasing. So we have in the press able special, which is a victim of a cyber attack.
And the latest as you heard is media miced, which has a big cyber attack in progress at the moment and how you handle that and how it looks like. Yeah. When you are heated by a cyber attack. And we are now gone from prevention to the, to the case that it happens while you have done a good prevention, but it was not, it was not good enough. Then you have it like that, that nothing is working in a, in a company. When the cyber attack you have is a big one.
So you have then to handle without any computer, without any smartphone, a crisis management management, you have to establish a lot of processes without solutions, without idea how you can handle that in a, in a short time to get out of this attack and come into a normal it process. But the normal it process, as you know, will never happen while you have had a cyber attack. And then you have to restructure your it, and you over have to overthink the processes which you have had in the past about the topics.
Then what are the most important things during a cyber attack and how to deal with that? The next thing is then how you counter a cyber attack in the future and how you can prepare for the next one. And the last thing is with us, the compare of the first one and the second one as I had, what are the differences between cyber attacks once you're heated and what are the next one? Yeah. When you have a cyber attack and you see it at the first time, your daily work changes dramatically. It's the most highly stress level you can imagine.
So thousands of questions come to you in a couple of seconds, what happens? What's what's going on? How long does it takes? How can we go out of the cyber attack? Is it a cyber attack or not? You don't know that at the first stage of a cyber attack. And then you have to, you have to run over a lot of tasks and a lot of question questions. How could that be happened? That a cyber attack is now going on and what can I do now? Who should I call? When you have the comparison of a fire?
You know, you dial the 1, 1, 2, the fire department is coming. They solve the, the fire and they, then you rebuild the company and you rebuild and paint and everything is gone at the cyber attack. You don't know who should I call and how long it does take of a cyber attack. And the next question is what happened after the cyber attack?
What's, what's, what's stolen, what's damaged, how many data you lost and so on and so on. And the questions are huge and horrible. Yeah. The next thing is when you have a cyber tech, what's your first priorities you should be able to work with. Is this the EOP system, is this the active directory? Is this the production are the machines to necessary things? Is it email? Is it phone system?
So it, it is a little bit complicated to tell the questions. What is the most critical prioritization?
It, it is a little bit the question, how is the impact in the company? You have some smaller cyber attacks, which are not that big issue for our company, which is not to public to prioritize that much. But once you have a cyber attack, as we have had that 95% of your it is encrypted, then you have the questions. What do I first and how, when, how we can survive weeks, days without any it support. Then the next question is what exactly happened to do a restore.
You should know how they come into your com corporate network and what they have run for programs to encounter you in the cyber attack and what exactly have they done and which accounts they have used. So the forensic is the most critical thing at the first beginning of a cyber attack. And then when you note this, all the questions are solved, then you can start to restore. And then it comes to a normal crisis management plan and emergency planning. What is to restoring when is some services are available. So when you see the cyber attacks are in progress, you have a huge workload.
In my case, we have lost 95%. The first cyber attack took nine, nine weeks to get up 95% of normal services. And we have to deal about five, 6,000 more than less 5,000 tickets in the it to the normal operational business. And I have a lot of communications work done about five, 1500 telcos and conferences in the first nine weeks. So that's a huge physical and psychological thing to handle a cyber attack, whatever we have survived. The first one we have survived the second one and also how we counter them.
When you have a cyber attack and you have nothing you can work with, then you have the most thing to do is the crisis management. And I've learned yesterday evening, the crisis management needs the right people in that they are structured and they're not get into chaos. And they are really relaxed and work the topics they're coming from. So you should also be thinking about your crisis management in your company, how well they trained them there and do you know all stuff of the crisis management and reaction teams, and did you train them?
So we have yesterday evening also had a, a chat and I learned, so compared with the fire department, they have trainings, they drill their people. So also think about to drill your crisis management team. You don't know when a cyber attack starts and how to feel, and then you need the people right in place that they know what to do. And the most important thing is don't be panic. It happened. So you can't do anything about it. You can do then the reparation and then the preparation for the next time.
What can you do to prepare yourself for a cyber attack, build your cybersecurity strategy and, and know all of companies has a cybersecurity strategy. So, but once you, if implemented a cybersecurity strategy and cybersecurity software and programs for cybersecurity awareness, don't stop to rethink cybersecurity. Once programs, applications, people changes in the organization and also business processes changes. You have to rethink your cybersecurity strategy and adopt the new situations of the cybersecurity.
Also, the question is I have the right decisions made in the past. So rethink yourself about the responsible person for cybersecurity strategy. So did I have the right knowledge? Did I have the right, the right partners to implement ongoing cybersecurity strategy and all of you know that the, the hackers are getting more and more technology into like car E R E sophisticated stuff. And also you have to adapt this. So what's the difference. Once you have a big one and one, you have another one in our case at the first we have know nothing about cyber attack. So we have not know, have knowledge.
We have not known what happened. We have not a clear plan to survive and what we have to do and what the upcoming tasks and how to communicate with the press with the, with the police and so on.
So, and we have no experience in this crisis. So who can I call? As I told you at the second, we know what happened. We have a monitoring. We saw that it started, we really then well known how they came, come into our networks and we have clear procedures and clear routines to stop them.
So, and we have also experiences in communications who has to be informed, who is the first one, who is the last one who has to be informed in days or in encountering the first week, the first cyber attack took nine weeks till 95% operational. The second one took 48 hours. And the problem is the mostly the same. It was the last of the rebuild project from the first one. We have isolated the systems, but you don't, you are not sure if the complete network has the same things. So you shut down all of your components.
Again, you make the forensic and one, it was clear. We have rebooted the not compromise systems and deleted the old one. So cybersecurity attack has also good things. So we have no legacy software now in place till the second one, we are really modern now. And we have used used also the second one to improve our, to improve our knowledge, to handle cyber attacks in the future. And we are sure that third one will come, hopefully not next day and that not next year, but it will come.
So what we have learned about cyber attacks and how we, how we prepare us itself, we have done things in organization. We know how to prioritize. We have clear structure of emergency plannings and crisis management. We have overview overall processes, and we know which department can work without it. How long and what the side effects when they can't work with it and what we have to do to make workarounds. And we have a clear focus, set it up for cybersecurity. Also communication.
Once you have a cybersecurity incident, you should listen to your colleagues, to your suppliers, the supply chain we have learned also they have problems then, and also your customers has problems. So how to compare all the things happened since during a cyber tech, you have to be honest, you have to stay objective and not feel frustrated. It happens. Yes. And it happens twice. Yes. Okay. We learned a lot and we are not frustrated. And we are really objective about these topics and be reachable. So at the first one, we have the problem. We are not reachable.
We have lost all smartphones and iPhones. So we changed a lot that we are reachable for all our customers and suppliers. The motivation also is one of the key topics, how to keep up the motivation when you have a second cyber attack. So the colleagues think the idiots from the it, they have had the first one. Now they have a second one. So be the ER. So go to the departments, speak with them. How could that be happen? And describe what we have in the future to do, be interested.
Also, they have ideas to change processes and to keep up cybersecurity. And it's a, it's a real change by us in the, in the company. And the last topic was laugh with your colleagues till the crisis. So humor is a much motivational thing in the company. The next next thing is as better as your it cybersecurity strategy and the company cybersecurity strategy is. And we split that. We have it strategy of cybersecurity. That's the technical part. And we have the organizational cybersecurity strategy, which is for the organization, how to keep up the level of cybersecurity awareness in the company.
And that's really good stuff to prepare you. We have changed also the strategy that the cybersecurity and all stuff around cybersecurity is now in the management. I'm a technical manager of cybersecurity, not the organizational part. That's now by our CEOs, which track cybersecurity to through the whole company, test your cybersecurity often and make stress tests and near the realistic things. So call your boss in the night at four and said, we have a cybersecurity incident.
And then you see a real, then you see a real test and the reaction in real, and don't stop talking about cybersecurity in the companies. So we share our, we share our thoughts and our things to others that that's not happening in companies. And the most important thing, don't be sure, 100% security is in the world. Not reachable. Software is programmed by humans. Software is implemented by humans and software is use per humans and all of them make errors. And the other side use these errors. So thank you very much for your attention.
