Faced with a range of obstacles, business leaders were already dealing with rising challenges to their risk and approach to cybersecurity; then along came Covid-19.
Read more as our cybersecurity experts share insights from their first-hand ransomware experience. Our experts offer corporate-wide recommendations for elevating existing procedures to meet the threat of intrusions and protect corporate data.
New risks emerging during these unprecedented times and challenges that businesses face. Examples include hacking, video and teleconference hijacking, data breaches, and fraud.
Acknowledging attacks, the importance of internal communications, and management team roles including IT, legal and risk advisors.
Understanding future risks and types, strategic planning, and best practices for responding both internally and externally.
Ransomware Goes Corporate - A First-Hand Account | AN INTERVIEW WITH...
WSG: Do you feel it is important that a company publicly addresses a cyberattack when it happens?
Jon Åsberg: Yes, extremely important. Attackers need to be taught that companies do not cave in to threats.
WSG: Do you think the media can play a role in deterring future criminals and attacks through increased reporting on these topics and issues?
Jon Åsberg: Absolutely. Media can play a key role in exposing attacks, warning non-suspicious companies and also providing advice on how to protect your company.
WSG: Are there any other key points you would like to include regarding risk management and best public relations practices for companies who have experienced an attack?
Jon Åsberg: Be prepared, have a backup of all your contacts, and be ready to report.
WSG: In regards to forming your risk management team, what would you consider a top requirement to have in identifying the situation (PR, Law, Insurance, Corporate Executives)?
Sandra Elvin: When it comes to risk management it really depends on the risk evaluated and who should take part in the team assessing the risk, but as a minimum the business/process/information owner should be involved in the risk assessment and decision making. At an aggregated level, all business risks should be presented to the executive management to ensure that the risks are known and accepted not just when looking at them one-by-one but also ensuring that the total amount of risk is not exceeding the business’ risk appetite.
WSG: From your experience is there enough experience and understanding of this situation from the advisors including: PR professionals? Risk Management Professionals? Lawyers? Accounting advisors and any other areas you dealt with in your own experience?
Sandra Elvin: No, in my view questions on cyber risks are often referred to the IT or IT security department as the nature of the risks is not fully understood. Cyber risks are no different from other business risks and should be understood by everyone involved in the business management as they will suffer the consequences of cyber risks.
WSG: What key recommendations would you make for risk management of this type of attack?
Sandra Elvin: Ensure that all members of staff understand what a cyber incident might look like for your particular business and how to react to it. Adopt a zero trust approach where you assume that your business is under attack and act accordingly. Accept that business risk is an inevitable part of running a business and cyber risks are no exception; integrate cyber risk management into your digital business processes.