
Alternit One’s Cyber Attack Scenario – How to Limit Your Risk Profile (Part 1)

Updated: Nov 18

By Carrie Whamond, Founding Partner at Alternit One


Cybersecurity is now a board-level priority for every business, and for Chief Operating Officers, the responsibility to minimise risk often falls on their shoulders. At the recent With Intelligence COO Summit, Carrie Whamond, Founding Partner at Alternit One, had the pleasure of leading a streamed workshop session titled “Cyber Attack Scenario Experience: How to Limit Your Risk Profile.” Together with Chloe Gleeson from PM Alpha and Dean Berney from Legal & General Investment Management, the panel guided participants through a real-time cyberattack simulation to provide practical insights on managing these threats effectively.


In this two-part series, Carrie shares the session’s lessons and key takeaways that organisations can implement to strengthen their cyber resilience. The first instalment of the series explores the initial phases of the simulation: the importance of preparation and responding to the first signs of an attack.



The Importance of Real-Time Scenarios


Cyber attacks are not just hypothetical risks. They are real and evolving threats, with the financial sector being a prime target. The aim of the workshop was to bring participants closer to the reality of what happens during an attack. More importantly, it aimed to equip them with actionable strategies that they could take back to their teams for learning and development.


Rather than simply discussing cybersecurity in theoretical terms, an interactive, real-world simulation was set up. Participants were asked to step into the shoes of a management team facing a significant cyber breach. As the scenario unfolded, groups decided how they would respond in the short, medium, and long term, addressing everything from internal communications to technical responses and external stakeholder management.



Phase One: System Lockouts and Initial Response


In the first phase of the simulation, a London-based hedge fund had been breached. The firm, with employees working remotely across multiple locations, relied heavily on Microsoft 365 for its day-to-day operations. The first sign of trouble came when the firm’s trader was unable to log into his laptop. Soon after, the COO discovered that multiple employees were unable to access emails or files. Upon contacting their IT service provider, they were informed that the company’s entire Microsoft 365 environment had been locked down, and the passwords for all accounts had been changed by unknown actors. This was the start of a full-scale cyber breach.


At this point, the management team had to quickly assemble an incident response team. The key actions discussed in the workshop included:


  • Reviewing the Incident Response Plan (IRP) to ensure everyone understood the protocol for dealing with a cyber breach.

  • Establishing alternative communication methods using SMS, mobiles, or other messaging platforms.

  • Communicating with staff, clients, and vendors to keep them informed as the situation unfolded.

  • Breaking Single Sign-On (SSO) connections with third-party applications to prevent further compromise.


Ensuring that no further damage was done was the immediate priority. In the event of a cybersecurity attack, COOs must be prepared to act quickly, bringing in the right stakeholders and making decisive moves to minimise the disruption to the business.



Phase Two: Extended Lockdown


As the attack progressed in the simulation, it became clear that all users were locked out. The firm’s IT provider was unable to regain control of the Microsoft 365 environment, and the breach escalated to a critical incident with Microsoft themselves.

During this phase, participants explored temporary workarounds, such as:


  • Restoring files from the third-party backup system (such as CloudAlly or N-able) to a temporary platform.

  • Communicating through an email continuity platform like Mimecast to maintain business continuity.

  • Putting call forwarding to mobiles in place if using Microsoft for voice.


At this point in the scenario, the discussion turned to how organisations must balance operational needs with security protocols to ensure the business can function while a longer-term solution is found.


In Part 2 of this series, we’ll go on to discuss the external impacts of a cyberattack, including managing public relations and client communications, as well as the post-incident remediation steps every organisation should take to avoid future breaches. Carrie will also share the critical lessons and key takeaways from the session that every COO needs to know.
