Ransomware Attack: How Cybersecurity Insurance Impacts Response, by Bikash Barai and Dan Lohrmann

Dan Lohrmann (Cybersecurity Leader | CxO Advisor | Bestselling Author) and Bikash Barai (Co-founder @ FireCompass and CISO Platform) discuss a real-life ransomware attack in which the company's cybersecurity insurance provider negotiated the ransom down but also limited the payout, highlighting the complexities companies face when responding to such incidents.

Here is the verbatim discussion:

And it was, um, like about a, let's just say, I'm not going to give you too many details, but the story makes sense as I go through this. Like, it was about a five million dollar request. They had, they had, they had encrypted all their data. They had no access to anything. Their backups were, were, were encrypted. They, they had not done a good job of separating their backups, and, and they hadn't done a good job of, a lot of people have backups but they have, they don't test the backups. And so the bad actors get in and they actually encrypted the backups as well. So they were kind of, you know, up, um, they didn't want to pay. They didn't want to pay. They had cyber insurance, and the, and in the US the cyber insurance company said, look, they came in, they were, it's your decision, it's always the company's decision, but we know these people and we're going to negotiate it down to 1.2 million. We know we can get these guys down from five to 1.2. So they already, like, the, the cyber insurance company had, had the playbook, right? So we're going to negotiate this down to 1.2 million, and oh, by the way, if you don't do that, we're only going to give you, even though the cyber insurance policy was actually for five million, we're only going to give you 1.2 million, and we think it's going to cost you like eight million to restore all your systems and everything you have to do. So they almost, almost felt like, and again, I'm not saying this is always true with cyber insurance, they almost felt like they had to pay. They had to go with what the cyber insurance company wanted to do to get their data.

So sure enough, you know, they, the, the, the cyber insurance paid the 1.2 million. They got their, most of their data back. They still had some problems, and then they were able to restore the systems and, and go from there. But, you know, the requirements from the cyber insurance company, it's, it plays into a lot of these scenarios for a lot of companies.

The other thing I'll mention, I don't know if you saw the headline a few weeks ago, there was a company in the United Kingdom that had a big ransomware. They paid out millions of pounds, and then they didn't do anything, and two weeks later they got hit again, the exact same people. So it's like the guy, it's almost like your story of getting the, the two potatoes in the bag. I mean, it's like they paid, they paid the ransom, they got the keys back, they got their data back, but there, I don't know if they were, you know, all went on vacation or what they did, but they did, they weren't, they weren't ready. Maybe they put together a plan for what we're going to do, you know, a year from now, but they didn't have a year. I mean, they had a, you know, get on it when, when their data came back. They paid the ransom and then guess what, you know, they got hit again and had to pay twice.

That's a funny story. All over the, you can read about it.

Yeah, so then one interesting kind of takeaway from what you mentioned, and also the kind of problem which I faced, the reason why I decided to kind of break down the drill into two parts was because the team never did something like this before, and we wanted some real outcome, and we wanted them to come prepared. And what you mentioned, something which I kind of not, uh, noticed while you were telling it, was that when you do this exercise in one go, you expect everybody to come prepared with their plans. So I think that's a very important thing, that these crisis drills, in order to be successful, the teams need to have that right background beforehand. They need to come with some level of preparedness and planning and not just get in. That's not going to be a recipe for success. So, uh, back to this recipe for success, Dan, any, any of your suggestions in terms of dos and don'ts in order to make these tabletop exercises successful? One is like this preparation, right? So this is something very important. Any other thing which you suggest?

Yeah, let me just add one more quick thing to that. I got, have a couple here I can go over, but, um, preparation: we always had read-ahead materials. So it was like real-life scenarios, people, you know, or it could be like, here's what happened at this other company, here's what happened at, you know, a competitor of ours, or, you know, here's what happened, maybe you want to do it in the same industry, and/or materials like, before you even started the exercise, you kind of gave the intelligence. But again, this may be not a real situation, but like, here's what's happening in the world, you know, for an oil company the price of oil has plummeted, yada yada yada, you know, kind of preparing people in advance for the scenario that's going to hit them on the day of the exercise. So yeah, I mean, definitely that should always be part of, so preparation and, and, and making sure people who are coming in know what their role is going to be, know what their, uh, know what, you know, some background is.

Another thing we did, so I give you some other tips: what often happens at these is, is they start th, you know, throw curves at people, and you know what I mean by that is, you know, kind of like, you play cricket, but B, you know, throw, um, US baseball, you know, curveball, um, change it up.