Cyber Security


With the constant development of our digital landscape and its expanding capabilities, cyber threats are on the increase. New regulations like NIS2 are now on the horizon as having robust crisis management and resilience plans is paramount to maximised security in our ever-changing modern world. 

In Secura’s latest webinar, we’ve offered a unique perspective on Crisis Management protocols through pitting a cybercriminal gang against a crisis management team, demonstrating to participants the mindset of a threat actor.

The webinar aims to shed light on the intricate processes involved in a cyber-attack orchestrated by threat actors, while also highlighting proactive measures organisations can adopt to fortify their crisis management teams against potential cyber onslaughts.

One of the key takeaways from the session is the urgency for effective crisis management throughout the lifecycle of a cyber-attack. With a surge in ransomware attacks globally, regulators are enforcing stringent measures like NIS2, DORA, and UK FCA/PRA Operational Resilience, underlining the critical need for robust crisis management frameworks.

During the webinar, Luke Fletcher, Senior Crisis Consultant at Secura, and Daniel Maine, Red Team Lead at Direct Line Group, offer invaluable insights into the dynamics of cyber-attacks from both offensive and defensive standpoints. Drawing from their extensive experience in understanding threat actor methodologies, executing red team exercises, and responding to cyber incidents, they provide a comprehensive walkthrough of a cyber attack's lifecycle.

Daniel, assuming the role of a threat actor, reveals the intricacies of targeting victims and employing sophisticated attack tactics. Meanwhile, Luke plays the role of the unfortunate victim’s crisis management team highlighting resilience and crisis management procedures and discussing their efficacy when responding to each stage of a cyber-attack.


About the Presenters:

Profile of Luke Fletcher

Luke FletcherSenior Crisis Consultant at Secura

Luke brings over a decade of experience in crisis management and operational resilience across various sectors. He has coordinated the response to several major crises and spearheaded numerous crisis and resilience projects, specializing in the facilitation of crisis simulations.

Profile of Daniel Maine

Daniel MaineRed Team Lead at Direct Line Group

Daniel boasts 15 years of expertise in cybersecurity roles, encompassing incident response, offensive security, and mentorship. With a diverse background spanning legal, oil & gas, and insurance sectors, Daniel is committed to enhancing cybersecurity awareness and preparedness through mentorship and education initiatives.

Please find below the questions that were asked during the Live webinar on Cyber Crisis Management:

  • Is there a reliable method for gauging the likelihood of data restoration post-ransomware payment?

    Evaluating the probability of data restoration post-ransomware payment is complex, lacking a straightforward "Tripadvisor" equivalent. While threat actors may assist in recovery post-payment to enhance their credibility, success isn't guaranteed. Instances of successful recovery exist, but decryptor tools may fail or pose additional risks during the recovery process.

  • Do organisations often possess actionable Incident Response Plans that are actively practiced and followed during severe incidents?

    Based on our observations, Incident Response Plans often serve compliance requirements more than practical application. While crucial for development, their effectiveness increases through simulations and real-life incidents. Adaptability is key, as rigid plans may falter in the face of unique incidents.

  • What are your thoughts on the risks versus benefits of single sign-on (SSO)?

    Single sign-on (SSO) poses notable risks, especially in OT systems, potentially granting threat actors widespread access post-breach. While opinions on SSO's suitability vary, enforcing privilege separation, especially in critical systems, remains crucial to mitigate risks.

  • How does incident response work in a large multilayer organisation and how do you implement crisis management on different levels?

    Crisis management in large organisations necessitates a robust framework detailing coordination between operational and strategic teams. Clarifying roles, effective communication channels, and regular simulations are essential for seamless crisis management across hierarchical levels.

  • Are there any specifics to consider for cyber incident response for the OT environment?

    Cyber incident response in OT environments demands specific considerations due to potential threats to physical infrastructure. Threat actors may exploit OT systems to inflict physical damage or disrupt production, emphasising the need for tailored response strategies.

  • Given the entry point of weak passwords into ABC/CBA, how much improvement would MFA be?

    Multifactor authentication (MFA) significantly enhances security by mitigating risks associated with weak passwords. However, thorough implementation remains crucial, as phishing campaigns and other tactics can bypass MFA measures.

  • Are there known cases where blob storage from a big tech company has been compromised and encrypted?

    While less common, attacks against cloud storage, like Google Drive, have occurred, often due to misconfigurations. While ransomware threats exist, immutability features and flexible recovery options mitigate risks, with local and on-premises syncs posing potential vulnerabilities.

  • In stage four, where do you place the specific disaster recovery plans per team in the framework?

    Disaster recovery plans should be integrated within the operational layer of the framework, with technical representatives advising on recovery strategies. At the tactical layer, senior IT members should provide holistic reports to facilitate informed decision-making.

  • What's your advice to increase protection for admin and domain admin accounts?

    Enhancing protection for admin and domain admin accounts requires limiting their numbers, enforcing stringent password policies, and implementing a "2nd admin" policy to compartmentalise access. User behaviour analytics tools can provide early warnings of irregular account usage.


  • Can you tell me how to detect and stop an attack in an early stage (with the cyber kill chain in mind)?

    Early detection and prevention of cyber-attacks, aligned with the cyber kill chain methodology, necessitate robust controls, user education, and proactive monitoring. A combination of email and perimeter security, along with user education programs, can aid in identifying and mitigating early-stage attacks.

Want more information? Get in touch with a member of our team today: 

Please select country prefix
Enquiring about
If known (Approx.)
If known (Approx.)
Maximum 3 files.
2 MB limit.
Allowed types: pdf, doc, docx, ppt, pptx, xls, xlsx, jpg, png.
I have read and understood the terms and conditions of {Personal data protection policy}.
Your personal data is collected by Bureau Veritas UK, having its registered office at Suite 206, Fort Dunlop, Fort Parkway, Birmingham B24 9FD, and is subject to computer processing in order to respond to questions from the media about the Group or its subsidiaries on the basis of your consent, and to respond to customer complaints, on the basis of the service contract that you have entered into with a subsidiary of Bureau Veritas.

Your personal data is intended for the Corporate Communication department or the Quality, Health & Safety and Environment department of the Bureau Veritas Group, depending on the nature of your request, and for their service providers, providing consulting and technical services as well as for the Bureau Veritas IT department. Your personal data will be retained for a period of one year for media requests and three years for customer complaints from your request. Your personal data can be transferred outside the European Union, in countries where Bureau Veritas subsidiaries operate, on the basis of standard contractual clauses established by the European Commission, available on request, by submitting a query here.

Fields marked with an asterisk must be filled in. Otherwise, Bureau Veritas would not be able to answer your questions and/or complaints. In accordance with the Data Protection Act 2018 and the General Data Protection Regulation of 27 April 2016, you have the right to access, rectify and erase any personal data concerning you, as well as the right to limit the processing, the right to oppose to the processing or the right to portability of your personal data. You have the right to withdraw your consent at any time by submitting a query here and unchecking the box dedicated to the collection of your consent. You can exercise your rights online to lodge a complaint to the Information Commissioner’s Office.