(TLP:CLEAR) What to Do When Your Organization Has Been Compromised by a Cyber Attack

Author: Chase Snow

Created: Thursday, January 29, 2026 - 15:11

Categories: Cybersecurity, Security Preparedness

Summary: This month, the Canadian Centre for Cyber Security (CCCS) released an awareness publication to provide guidance on the actions organizations can take in the critical moments following an incident to lessen the impact to the organization. The guidance includes helpful recommendations for organizations of all sizes in their cyber incident response efforts.

Analyst Note: The importance of effective cyber incident response is increasingly relevant to water and wastewater utilities as cyber incidents continue to impact the sector at an alarming rate. Incident response involves having structured processes in place which are designed to identify and manage cybersecurity incidents. Fundamental 1 “Plan for Incidents, Emergencies, and Disasters” from WaterISAC’s “12 Cybersecurity Fundamentals for Water and Wastewater Utilities,” says: “The inability to promptly and efficiently contain, mitigate, and communicate about cybersecurity incidents, emergencies, or disasters could result in significant operational disruption. Effective response plans will limit damage, reduce recovery time and costs, and increase confidence of partners and customers.”

Members are encouraged to develop an incident response plan (IRP), which are crucial to help prevent critical steps from being overlooked during a crisis. The new guidance from CCCS can help compliment this effort. Additionally, utilities are further encouraged to utilize CISA’s “Cyber Incident Response Guide for the Water and Wastewater Sector”, which establishes clear guidance for incident response specifically for water systems.

Original Source: https://www.cyber.gc.ca/en/guidance/what-do-when-your-organization-has-been-compromised-cyber-attack-itsap00009

Additional Reading:

Related WaterISAC PIRs: 6, 12