4. Mitigation
Organisations activate mitigation measures to prevent the aggravation of the situation and eradicate cyber incidents in a timely manner to alleviate their impact on business operations and services.
24. Containment. Organisations activate the containment measures and technologies best suited to each type of cyber incident to prevent the incident from inflicting further damage, including to connected entities. Knowledge of the specific threat, such as Indicators of Compromise (IoCs) [FSB (2018)], and an understanding of its possible behaviours would also aid decision-making. Organisations monitor for anomalous activity and IoCs in connected, but apparently unaffected, networks and systems. Depending on the nature of the cyber incident, organisations make a claim on existing cyber insurance policies to alleviate the costs of recovery and to help mitigate the impact by obtaining relevant services offered by the policies, such as computer forensics, crisis management or public relations services.
25. Business continuity measures. Depending on the severity of a cyber incident, organisations invoke business continuity plans to maintain critical operations based on a pre-defined prioritisation process. Examples of business continuity measures include activating contingency measures to facilitate the processing of critical transactions while system restoration efforts continue, or activating an alternative service provider if the primary service provider will not be able to recover from an incident within a certain period of time, as agreed in the respective SLA.