Cyber Webinar SlidesV2.4-JD.pptx.pptx
jon drew
Created on October 9, 2024
Transcript
Cyber Crisis Workshop You’ve been hacked – NOW WHAT?
- Give your knee-jerk reactions
- Aim to respond in under 10 seconds.
- Your answers are anonymous
- This is a NO FAULT exercise
Making the most of this exercise Interaction is key
- You are the COO of GreenLife Foods
- You do NOT have any cyber insurance
- Your staff have NOT undertaken any cyber security training
- You do not have an Incident Response Plan to deal with a Cyber crisis
- Your team have no prior experience
Put your personal circumstances aside For the purpose of this exercise
- Walk you through the sequence of events of a cyber attack and their potential impact.
- Test your reactions under pressure.
- Understand the impact of the crisis on the org’s critical systems.
- Consider what decisions need to be taken and by whom.
- Raise awareness of what happens in the response and remediation phase.
- Explore the options and resources available to you should the worst happen.
The aim of this toolkit
Greenlife Foods
All staff ‘accidentally’ receive an email from HR with an attachment of the “yearly staff bonus”.
Day 1 An email to all staff
No
Yes
Question one Do you open the attachment?
It’s decision time – You have 20 seconds please respond to the question on your screens
HOW WOULD CYBER INSURANCE HELP?
SEE INCIDENT RESPONSE PLAN
Within a few hours of you opening the email, all devices are locked across the business. Around 5% of people targeted by phishing attacks click on malicious links or attachments, based on Verizon's 2023 Data Breach Investigations Report (DBIR). When it comes to stealing login credentials, about 30% of phishing emails that are clicked successfully capture sensitive information, such as usernames and passwords.
Day 1 All devices have been locked
Early detection could have prevented the malware from spreading widely, reducing the extent of IT infrastructure damage, and minimizing production downtime. The implementation of processes to identify and deal with suspicious emails could have resulted in earlier detection and prevented the malware from spreading more widely, reducing the extent of IT infrastructure damage, and minimizing production downtime.
Some cyber insurance can provide you with always-on detection software to support earlier detection of attacks. Most also provide you with 24/7 access to a breach response team, helping you to respond and recover quickly from a cyber-attack and getting you back on your feet.
You have deleted the email but other staff members have clicked on the attachment. Within a few hours of staff opening the email, all devices are locked. Phishing remains the most common form of cyber-crime. Of UK businesses that suffered a cyber-attack in 2022, 83% say the attack was phishing.
Day 1 All devices have been locked
SEE INCIDENT RESPONSE PLAN
Call IT
Reboot machines
Question two Do you try to reboot all machines or call IT?
It’s decision time You have 20 seconds please respond to the poll on your screens
Machines are still locked. Ransomware attacks like the one in our story are not easily reversible because the encryption methods used by cyber criminals are virtually impossible to crack without the decryption key, which only the attacker possesses. Ransomware can lock systems in such a way that entire networks and devices have to be rebuilt, leading to prolonged downtime, and significant disruption.
Day 1 All devices have been locked
IT have informed you that there is a cyber attack and all machines are locked.
- All computer-controlled production machinery is locked out, costing you over £40K in lost revenue per day.
- Over 65 staff on the production line are standing idle.
- You have a ransomware demand of £250K
Day 2 There’s been a cyber attack!
Don’t pay
Pay £250k
Question three There has been a ransomware demand. Do you pay it or not?
It’s decision time – You have 20 seconds please respond to the poll on your screens
- A well-crafted IR plan considers and caters to all applicable threats and scenarios. A fit-for-purpose IR plan will:
- Include a communication strategy to ensure clear and timely communication
- Clearly identify roles and responsibilities to ensure that all those involved are fully aware of their role during a crisis
- Clearly outline the recovery strategies for critical assets
- Identify external parties that must be informed and involved, such as insurers and regulators
- Cyber insurance can cover your business interruption loss (including extra expenses resulting from the interruption) when your computer systems are impacted by a cyber event.
- The insurer's breach response team connects you with an extortion specialist, who can help with negotiations with the cyber gang.
HOW WOULD CYBER INSURANCE HELP?
SEE INCIDENT RESPONSE PLAN
- Even if you pay, there's no assurance that the attacker will provide the decryption key or remove malicious software. In many cases, victims never get their data back.
- Even if you get the decryption key, it may not work properly or could only restore part of your data.
- Paying might not prevent the data from being exposed or sold to others.
- Paying incentivises future attacks.
- Paying may violate laws or sanctions.
Day 3 You paid but nothing has changed!
Whether you decided to pay or not to pay doesn’t alter the fact that the data has been breached. To make matters worse, some of the data has been leaked online. The Information Commissioner's Office (ICO) has got wind of the security breach. They require you to respond.
Day 3 Data has been leaked – the Cyber criminals mean business
Respond later
Respond now
Question four The ICO have been in touch and requested information on the data breach. Do you respond immediately or later?
It’s decision time – You have 20 seconds please respond to the poll on your screens
- Well-designed playbooks would have meant that the company would have clarity on whom to inform and when.
- Comms templates would mean that the organisation would be able to issue critical communications to the relevant stakeholders rather than spend hours or days with legal and other teams crafting the communications during the actual crisis.
www.ico.org.uk/for-organisations/report-a-breach/personal-data-breach/personal-data-breaches-a-guide/
HOW WOULD CYBER INSURANCE HELP?
SEE INCIDENT RESPONSE PLAN
The law requires that you notify the ICO of a data breach within 72 hours of becoming aware of it. Guidance from the ICO:
Day 3 Data has been leaked – the Cyber criminals mean business
- The insurer's breach response team connects you with IT forensics and data recovery specialists to help you respond and recover.
- The insurer will provide access to legal advice on whether and how to notify the ICO (Information Commissioner).
The ICO have acknowledged your response and will be back in touch. There are, however, further problems: Staff are posting about the situation on X. Journalists and key clients are calling for updates. Your team has suggested that an external crisis communications support team can help, but the cost is £35k!
Day 4 People want answers!
No
Yes
Question five Do you instruct the external PR agency to manage the situation at a cost of £35K?
It’s decision time – You have 20 seconds please respond to the poll on your screens
- Cyber insurers can connect you with a Public Relations consultant who can provide consultancy and advice on how to communicate with the press, or your customers. This can help mitigate brand damage arising from the cyber-attack.
- The spoiled stock costs can form part of the cyber business interruption loss calculation.
In addition to communications plans and templates, an effective incident response plan will also contain a list of support services or third-party support options that you can reach out to, for example a trusted crisis PR firm (or firms) that has already been vetted by your business or with which you have an existing relationship or agreement.
HOW WOULD CYBER INSURANCE HELP?
SEE INCIDENT RESPONSE PLAN
What could happen if you do not instruct a PR agency:
- Delayed or poor communication damages your reputation. Without professional support you might issue unclear, incomplete, or overly technical statements that result in distrust or confusion.
- Media backlash: the media may amplify the negative aspects of a cyber-attack if you’re not managing your communications properly.
- A good PR company will help avoid inconsistent messaging, conflicting statements and inaccuracies.
- If communications aren’t professionally managed, customers may abandon you, investors may lose confidence and regulators may hold you in breach of your duty to provide timely notification.
Day 5 People want answers!
The PR agency are handling enquiries from journalists. However, IT are still unable to fix the problem and production has ceased, with £100k of stock having to be disposed of. Key clients are calling wanting to know if their details have been compromised.
Day 5 People want answers!
Use forensic IT team
Deal with them directly
Question Six Key clients are calling wanting to know if their data has been compromised. How do you deal with this?
It’s decision time – You have 20 seconds please respond to the question on your screens
- Cyber insurance can cover you for your lost net profit arising from an adverse publication (bad press) relating to a cyber event. Where a client leaves you, insurance can reimburse you for the loss of their business. Protection for your bottom line.
- Sometimes, computer hardware is rendered useless by a cyber event, and you’ll need to replace it. Cyber insurance pays for the costs to replace or restore computer hardware and other physical equipment impacted by a loss of firmware integrity resulting from a cyber-attack.
A good incident response plan should contain a well-thought-out communication plan, including example responses which can be used and adapted to ensure all responses are well thought out and provide the necessary information and support to clients and third parties, with the aim of reducing the risk of client loss due to poor communication and support.
HOW WOULD CYBER INSURANCE HELP?
SEE INCIDENT RESPONSE PLAN
You've tried to deal with the client directly but the client is unsatisfied with your answers. They decide to cancel their order.
- If a client cancels an order, you’ll lose the revenue (and any profit).
- Losing one important customer may cause others to consider moving away.
- Reputational damage is costly to recover from.
Day 6 People want answers!
Day 7 Costs mount up
A forensic IT team have been instructed at a cost of £50k. They have provided details to the client and they have decided to proceed with their previous order. IT have called to let you know there’s a breakthrough in dealing with the attack, but new hardware is needed, adding a further cost of £75k.
No
Yes
Question seven Do you purchase new hardware?
It’s decision time – You have 20 seconds please respond to the question on your screens
IT breakthrough. Success in uploading some of the data. Without new hardware it is difficult to guarantee that the malware has been completely wiped from your systems.
Week 2 We’re back online
- IT breakthrough. Success in uploading some of the data
- Crisis PR support has kicked in - feeding facts to interested 3rd parties with daily updates
- The production line is back online and employees are back at their stations
Week 2 We’re back online
- What level of awareness/training do your employees have on Cyber threats?
- What level of Cyber protection does the business have?
- Does our insurance cover Cyber-attacks?
- Do we have an incident response plan in place should the worst happen?
Reflecting on your own business Ask yourself these questions:
- An overview of the sequence of events and steps to take at each stage
- A clear communication strategy to ensure timely communication with the right individuals/organisations
- Identified roles & responsibilities to ensure that all those involved are fully aware of their role during a crisis
- An outline of the recovery strategies for critical assets
- External parties that must be informed, contacted and involved, such as insurers and regulators
Creating an Incident Response Plan What does a fit-for-purpose plan include?