The yearly testing of our incident response protocol was on my radar for later this year, but circumstances moved it up on the agenda and turned it from a tabletop exercise to a real-world crisis.

What precipitated the crisis was the distributed denial-of-service attack against DNS provider Dyn on Oct. 21. Calls started coming in around 8:30 a.m. EDT, just as our East Coast customers were arriving to work and attempting to log in to my company’s cloud-based software-as-a-service applications. By 9:30, more than 200 had been logged. That’s when I got involved.