Managing Cyber Extortion Crises

To be presented by: Lynn de Vries, CPP, PCI & Erik de Vries, CPP

Managing a crisis is always a challenge. But managing a crisis about something that is completely out of your comfort zone can be even more challenging. This is more and more the case as non-technical security professionals have to grapple with how to manage increasingly prevalent cyber extortion crises, including ransomware.

Whether or not they are part of the organization’s crisis team, the (non-cyber) security professional is often the first point of contact when a crisis hits. The most important thing to understand is that, no matter the cause, in most cases, crisis management is about communication and protecting the organization’s reputation. A cyber extortion crisis is no exception. Even though you may not be a cyber professional, knowing which steps to take can help you manage any crisis, even cyber.

Preparedness is always the best response. But where to start?

Using the business impact analysis as the first step in a comprehensive risk management approach is the best starting point from our point of view. The next steps are selecting and training the crisis team(s) and developing a well thought through crisis plan.

One cannot prepare for all kinds of crises. Adopting the all hazards approach and preparing checklists for the most likely scenarios will help crisis teams to be prepared, even though we all know that a crisis never develops as expected.

Apart from the experience of participating in a short but intensive cyber extortion crisis desktop exercise during our training session, attendees will be offered a step-by-step approach to develop or re-define their crisis plans.

Join us at GSX on Wednesday the 26th of September for our session: Managing Cyber Extortion Crises.