How to handle cyber-extortion incidents? Key 7 measures to follow

As technology is becoming more and more integrated to enterprises globally; the cyber-security threats are gaining the center stage focus. Of these ever-evolving and complex threats, cyber-extortion is catching up faster than ever.

By Ashish Thapar

As technology is becoming more and more integrated to enterprises globally; the cyber-security threats are gaining the center stage focus. Of these ever-evolving and complex threats, cyber-extortion is catching up faster than ever. It may not be hogging the headlines, perhaps due to the fact that most organizations may be giving in to the demands of the perpetrator without realizing that they may still have to bear the brunt if extortionist does not keep the ‘promise’.

It is therefore, extremely important that organizations are well prepared to handle such scenarios rather than doing a knee-jerk reaction. Listed below are some of the key measures that could be included in a cyber-extortion response plan for an organization:

1. Conduct immediate risk assessment while effective response is being triggered in parallel to handle the incident
2. Discuss all possible factors that could magnify the risks (such as impending sensitive business news, initiatives and/or information about an acquisition/merger/de-merger)
3. Engage General Counsel, Corporate PR, CIO/COO/CTO, Expert Emergency IR Teams and determine whether the extortionist’s claims are factual by isolating areas that may be affected to determine if they have been compromised
4. Depending on the veracity of the extortionist’s claims and the threat assessment thereof; ascertain if it is needed to maintain an active communication channel with the extortionist and to what extent any information is to be discussed in those conversations
5. Setup a Red Team to identify and remediate the vulnerabilities (technology/process/people) that were the root cause of the incident
6. Evaluate the possibility of engaging LE and/or in-country CERT organization. This may help in connecting the dots and leveraging the knowledgebase of the modus
   operandi/motive of the perpetrators and perhaps solve the issue much faster
7. Assess the feasibility of warming up disaster and business continuity plans depending on the nature of the threat, perhaps by increasing frequency or type of backups. This includes assessing whether restoring the services could negatively affect the key evidence in the investigation

The author is Managing Principal, RISK Services – APAC, Verizon Enterprise Solutions