Ransomware Goes Corporate - A First-Hand Account
An Interview With....
Sandra Elvin, National Security Office for Microsoft Sweden
Jon Åsberg, Editor-in-Chief at Fokus, Sweden’s leading weekly news and current affairs magazine
Faced with a range of obstacles, business leaders were already dealing with rising challenges to their risk and approach to cybersecurity; and then, along came Covid-19.
Read more as our cybersecurity experts share insights from their first-hand ransomware experience. Our experts offer corporate-wide recommendations to elevate existing procedures to the threat of intrusions and protecting corporate data.
WSG: In regards to forming your risk management team, what would you consider a top requirement to have in identifying the situation (PR, Law, Insurance, Corporate Executives)?
Sandra Elvin: When it comes to risk management it really depends on the risk evaluated and who should take part of the team assessing the risk, but as a minimum the business/process/information owner should be involved in the risk assessment and decision making. At an aggregated level, all business risks should be presented to the executive management to ensure that the risks are known and accepted not just when looking at them one-by-one but also ensuring that the total amount of risk is not acceding the business’ risk appetite.
WSG: From your experience is there enough experience and understanding of this situation from the advisors including: PR professionals? Risk Management Professionals? Lawyers? Accounting advisors and any other areas your dealt with in your own experience?
Sandra Elvin: No, in my view questions on cyber risks are often referred to the IT or IT security department as the nature of the risks are not fully understood. Cyber risks are no different from other business risks and should be understood by everyone involved in the business management as they will suffer the consequences of cyber risks.
WSG: What key recommendations would you make for risk management of this type of attack?
Sandra Elvin: Ensure that all members of staff understand what a cyber incident might look like for your particular business and how to react to it. Adopt a zero trust approach where you assume that your business is under attack and act accordingly. Accept that business risks is an inevitable part of running a business and cyber risks are no exception, integrate cyber risk management into your digital business processes.
WSG: Do you feel it is important that a company publicly addresses a cyberattack when it happens?
Jon Åsberg: Yes, extremely important. Attackers need to be taught that companies do not cave into threats.
WSG: Do you think the media can play a role in deterring future criminals and attacks through increased reporting on these topics and issues?
Jon Åsberg: Absolutely. Media can play a key role in exposing attacks, warning non-suspicious companies and also provide advise on how to protect your company.
WSG: Are there any other key points you would like include regarding risk management and best public relations practices for companies who have experienced an attack?
Jon Åsberg: Be prepared, have back up on all your contacts, and be ready to report.
View the webinar where the panel describes their first-hand experience of the ransomware attack on Addtech and how they came through the experience.
|