
What do you do now?
There are many scenarios to imagine, from disgruntled employees to corporate espionage, opportunistic hackers, or targeted data theft. The list is practically endless.
The nature of the attack and the demands of the attacker will ultimately drive your decision, but what have you done to prepare? Do you have a corporate policy for negotiating with cyber terrorists? Do you have a cybersecurity insurance policy? If so, what does it say about negotiations? Will you notify your partners, stakeholders, customers, and the public? These are important considerations that will affect your financial position, your reputation, and your competitive advantage.
What is the ethical impact of paying a ransom? You may get your data back, but what guarantees do you have from your attacker that it won’t later be compromised, sold, or released? Will it embolden the attacker, leading to more frequent attacks with higher ransom requests?
What is the ethical impact of NOT paying a ransom? In a healthcare environment, such as the Hollywood Presbyterian Medical Center ransomware attack, the impact may be reduced quality of care, or even the death of a patient. If sweeping the cyber-attack under the rug after payment to the attackers is your goal, consider the ethical impact of keeping such an event quiet. Would disclosing the attack hurt your reputation more than being found out later after trying to cover it up?
Maybe I’ve raised more questions than I’ve answered, but these are questions you should be asking yourself and discussing in the board room.
I want to hear your feedback and some examples of how your organization has responded to such attacks. Please comment.
David W
- Dragon's Lair Security
www.dragonslairsecurity.com | info@dragonslairsecurity.com