In this article, which was published in the Q2 issue of Continuity magazine, the membership publication of the Business Continuity Institute, Michael Rohrs discusses the key factors that influence the severity of a cyber extortion incident.
In the wake of the WannaCry ransomware attack in May, it is vital for all organisations to have a well structured and properly resourced plan for an effective technical incident response.
Key takeaways:
- Capability plus intent: One of the first essential questions to answer when you are alerted to a cyber extortion incident is, “Is the attacker capable of what they claim?”
- Crisis management: Regardless of the facts of an incident, perception can be reality during a crisis. Sometimes how you manage the other aspects of the incident – business continuity, internal communications, legal obligation, customer management and media interaction to name but a few – matters more than your technical response.
- Cost versus benefit: Being extorted can be emotional, particularly if you’ve been targeted more than once. But not all extortion attempts have the same level of severity or implications.
- Preparing for the expected: Extortion is a well-established and evolving technique and is now a common occurrence across sectors around the world. It will likely continue to happen as long as it works. The best way to secure your enterprise and reduce your risk is to prepare the entire business ahead of time.