The hackers are coming: How to create an actionable disaster recovery plan

Ransomware negotiator Michael Sjøberg shares tips for creating a simple, effective disaster recovery plan that works in real crises – not just on paper.

Published: May 20, 2025
Gry Josefine Løvgren
Content Specialist

"People who are stressed can’t read 100 pages."

That's the main point from ransomware negotiator Michael Sjøberg from Delta Crisis Management in a webinar on cyberattacks and disaster recovery planning.

Disaster recovery plan, incident response plan, crisis management plan, or something else entirely – there are many names for it. The plan that is meant to get your systems back up and running in the event of a cyberattack has, for many companies, long been a desk exercise: a theoretical, scenario-based plan that no one really expects to use. But reality has changed. The threat is no longer hypothetical – it’s real and current.

"GRC is no longer just a theoretical paperwork exercise. It has come alive," Michael explains.

It is only natural that GRC work has long been theoretical, he elaborates. It is difficult to be concrete when you haven’t experienced an actual crisis. But now things have changed, and there is enough empirical data and real-world experience to move the work out of the desk drawer and into daily operations. By 2023, one in ten businesses globally was exposed to a ransomware attack.

"It’s a bit like the military. You can sit at the Army Combat School and draw up big plans about how to use weapons in a potential war against the Warsaw Pact. But then reality plays out in Ukraine, and suddenly you realise: it’s drones we really need. There are things soldiers have trained for for generations that we now realise no longer make sense. I think that’s a natural development. We prepare with desk exercises until we have enough real experience to guide us."

Pragmatic approach

As a ransomware negotiator, Michael Sjøberg is brought in to help when companies are in the middle of a crisis and perhaps forced to engage directly with hackers to retrieve their data. This is where the incident response plan comes into play.

"I often see people trying to write everything out in great detail, using academic language and covering all the theoretical bases. But I think you’re doing yourself a favor by approaching it much more pragmatically."

So here are Michael’s tips for a solid disaster recovery plan:

It’s time to ditch the academic, complex language and take a practical, hands-on approach.

And what’s the single most important thing to have prepared if everything else fails? For Michael, the answer is simple: “Remember to make backups.”

7 practical tips for a good disaster recovery plan

  • Only include documents that you can actually use in practice
  • Be clear about roles and define the teams, for example a management team and an IT team, and what each is responsible for
  • The plan for the management team should be no longer than 10–15 pages
  • Two of those pages should be agendas: One for the first crisis team meeting and one for the ongoing meetings
  • Be consistent with the terminology you use
  • Make it as user-friendly as possible – don’t overcomplicate it
  • Practice it! Run through the scenarios and roles so it’s not trial by fire in a real crisis
