As more and more people realize that cyberattacks don’t just happen to ‘others’ but are likely to happen to their organizations, it should be clear that simple awareness of these events is not sufficient: you have to prepare for when, not if, these events happen. We recently had the chance to sit down with Stu Panensky, Partner at FisherBroyles, LLP. Stu and his team have dealt with over 100 ransomware attacks in a counseling role and have a lot of wisdom to share about the current state of cyberattacks and what organizations can and should do to prepare for them.
Incident Response Plan
One of the key issues we covered in the discussion was the importance of an Incident Response Plan. This is a set of instructions or procedures to detect, respond to, and limit the consequences of a cyberattack against an organization’s information systems.
You want to have this plan put together (and written down) for three reasons:
- You don’t want to have to figure out what to do and who to call while the event is happening—you need to account for the fact that it’s very hard to make rational decisions in disaster scenarios.
- You want to have a written document to reference in case computers are encrypted and you can’t use them to access the plan—there should be multiple copies of this printed plan with multiple people to avoid a single point of failure.
- You want to have gamed out scenarios, such that there’s a step-by-step checklist you can follow to help the organization respond quickly and calmly—this should include conditions in which the organization can stay ‘open’ and move to non-digital tools to carry on business, and other conditions in which such actions are not tenable.
- sending emails to your help desk to keep it busy all day long
- accessing a customer list and sending emails to those customers telling them, “Did you know we’ve attacked this company you do business with?”
- threatening to make the data breach public, creating a public relations problem