Express Computer
Home  »  Columns  »  How to handle cyber-extortion incidents? Key 7 measures to follow

How to handle cyber-extortion incidents? Key 7 measures to follow

0 412

As technology is becoming more and more integrated to enterprises globally; the cyber-security threats are gaining the center stage focus. Of these ever-evolving and complex threats, cyber-extortion is catching up faster than ever.

By Ashish Thapar

As technology is becoming more and more integrated to enterprises globally; the cyber-security threats are gaining the center stage focus. Of these ever-evolving and complex threats, cyber-extortion is catching up faster than ever. It may not be hogging the headlines, perhaps due to the fact that most organizations may be giving in to the demands of the perpetrator without realizing that they may still have to bear the brunt if extortionist does not keep the ‘promise’.

It is therefore, extremely important that organizations are well prepared to handle such scenarios rather than doing a knee-jerk reaction. Listed below are some of the key measures that could be included in a cyber-extortion response plan for an organization:

  1. Conduct immediate risk assessment while effective response is being triggered in parallel to handle the incident
  2. Discuss all possible factors that could magnify the risks (such as impending sensitive business news, initiatives and/or information about an acquisition/merger/de-merger)
  3. Engage General Counsel, Corporate PR, CIO/COO/CTO, Expert Emergency IR Teams and determine whether the extortionist’s claims are factual by isolating areas that may be affected to determine if they have been compromised
  4. Depending on the veracity of the extortionist’s claims and the threat assessment thereof; ascertain if it is needed to maintain an active communication channel with the extortionist and to what extent any information is to be discussed in those conversations
  5. Setup a Red Team to identify and remediate the vulnerabilities (technology/process/people) that were the root cause of the incident
  6. Evaluate the possibility of engaging LE and/or in-country CERT organization. This may help in connecting the dots and leveraging the knowledgebase of the modus
    operandi/motive of the perpetrators and perhaps solve the issue much faster
  7. Assess the feasibility of warming up disaster and business continuity plans depending on the nature of the threat, perhaps by increasing frequency or type of backups. This includes assessing whether restoring the services could negatively affect the key evidence in the investigation

The author is Managing Principal, RISK Services – APAC, Verizon Enterprise Solutions 

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image