At the 2018 RIMS Annual Conference, Tom Srail with Willis Towers Watson discussed cyber extortion.
Cyber extortion is a significant risk to your business operations. One common form of this is ransomware. Ransomware is malicious software that gets into your company’s computers and locks up the data, rendering it inaccessible until you pay the “ransom.” Cyber extortion can also take the form of an attacker collecting confidential data from your system and demanding payment for its return, or threatening to damage your system if funds are not paid.
Some of the bigger losses from cyber extortion include a technology firm that went out of business because of a denial-of-service and ransomware attack. They refused to pay the ransom and, because of that, could never access their data again. Another cyber extortion event allowed the hackers to access the cameras on phones from a certain manufacturer. The company made a huge payoff and the hackers were never caught.
If an extortion event happens:
- Contact your internal crisis response team, general counsel (GC) and chief information security officer (CISO)
- Contact law enforcement
- Report the event to your insurer and broker
- If you decide to make the payoff, find out what payment method the extortionists are using; it will probably be a cryptocurrency like Bitcoin
- Alert public relations and investor relations