Immersion in the heart of a cyber crisis exercise at the FIC 2025 – Challenges

Immersion in the heart of a cyber crisis exercise

While cybersecurity has become a major issue for companies, preparation is essential to avoid being thrown off guard in the face of crises. The InCyber Forum in Lille was an opportunity for many managers to try their hand at the exercise. Challenges has lent itself to the game.

Wednesday, April 2, headquarters of the telecommunications giant Connectis. Around the table, half a dozen officials are busy. The company is the victim of a software outage affecting the company’s operations: subscriptions, customer service, billing operations, nothing works anymore. Very quickly, my colleagues and I fell into a crisis cell: the Medusa group claimed responsibility for the cyberattack, and demanded a ransom to prevent the dissemination of 500 gigabytes of customer data into the wild.

Don’t panic, this is an exercise offered to professionals at the Lille InCyber Forum , the largest cybersecurity forum in Europe. And for the occasion, Challenges joined the participants. Everything is done to make the situation as immersive as possible: we have an online platform with an email box, social networks (“Y” and “Instagrum”) fed in real time and two phones that will not stop ringing for the next hour. Each person in the team chooses a well-defined role: as a good journalist, I become Sam Dubois, communications director of this fictitious company called Connectis and described as a behemoth with 400 million customers worldwide.

Cyber resilience, a key requirement of NIS 2

“The objective of the exercise is to practice making decisions in a collegial manner in a highly degraded context,” explains Stéphanie Ledoux, CEO and founder of Alcyconie, a cyber crisis management training and support company behind this exercise. “We can all read that there are cyberattacks, but when you are a victim of them, it is extremely violent. We find ourselves in a state of shock, we can spend several hours before accepting that we are in crisis; However, decisions must be taken quickly.”

This training is necessary, and should soon become mandatory: the new NIS 2 regulation, currently being transposed to Parliament, will require thousands of companies to become more resilient to cyberattacks. Among the requirements of the text, the definition of codified crisis management procedures, the identification and awareness of people and stakeholders to be mobilized and the adoption of a training strategy in the face of threats.

Excitement and coordination

Training, learning how to function in a crisis cell, understanding the role and importance of each position: this is precisely why we are currently gathered around the table. While the theory may seem simple enough, in practice, excitement reigns. The decisions to be taken follow one another, the communiqués to be drafted as well; Despite the stress, we try to keep a cool head and make regular progress reports to move in the same direction and not miss any information.

No matter how fast we are moving forward, events are accelerating: if the ransomware is identified and access to our system quickly cut off, the tweets of angry or mocking customers follow one another, and the information leaks to the press before I have even had time to finalize my announcement. Oops.

The sprint continues, and the hour of simulation is over: if we manage to identify the origin of the leak, we learn in the process that Medusa is already selling our customers’ data on the Dark Web. A situation that I am very happy not to have to manage.

“It’s very complicated to do a good job without preparation”

Among the few tables gathered in this room of the InCyber Forum, opinions are unanimous about the difficulty of the exercise. Difficulty in acting without information, coordination between team members, the need to have ready-to-use procedures and communication supports, but also to know the maximum deadlines for the interruption of the most sensitive services: the awareness of the need to anticipate crises has been successful. “It’s very complicated to do a good job without preparation,” says one of my neighbours.

A necessary preparation, but one that does not immunize against the stress of real life – nor against the constraints of the real world. “In reality, most crisis units operate in a hybrid way, without everyone being around the table: some may be teleworking, others on the move,” says Stéphanie Ledoux. Not to mention the need, in practice, to collaborate with the crisis units of other entities or, less well-known, to have a crisis clerk trained to centralize all the information with a view to filing a handrail. These are all points to anticipate to avoid surprises and limit damage on the day of the attack.

Article written by François Vaneeckhoutte for Challenges.