After Action Reviews for Cyber-Attacks
After countless man hours and additional funding put in place to protect your business from cyber-attacks , there will always be residual risk of a breach. If a breach still happens after all the hard work you and your team put in, it would be easy to resign yourself to the fact that it was all for nothing. What you must focus on though is that all that hard work made it much more difficult for that breach to occur. A hacker may spend days, weeks or months attempting to breach a network, and they only have to be lucky once to call their operation a success. If they manage to do so, the best thing you and your team can do is ensure you learn from it. After every operation in the military, both training and real-world, comes an After Action Review (AAR), and you should conduct one of your own to learn as much as you can about any cyber incident. An AAR has several parts which are key to ensuring you learn as much as possible about the incident: What was supposed to happen?...