An inside view of how one company deals with ransomware attacks and what risk managers can learn from their approach
The accounting software solution dedicated to small and medium size companies WinBizz, was affected by a major ransomware attack targeting its cloud solution InfoPro last December.
Winbizz immediately reacted and decided to change the cloud solution and move to the Swiss Cloud.
The crisis was violent and multi-dimensional! The firm faced legal issues, business continuity was down, and financial consequences looked like they would be significant.
Teams worked 24/7 for days, they were exhausted. Everyone was emotional, the heart of the company had been touched, and nobody would remain neutral to that pressure.
Reputation was at stake, and of course competition tried to take advantage of the situation.
Emmanuelle Hervé, CEO of EH&A, is part of a panel discussion the crisis at the Risk!n conference on May 25 in Switzerland.
Ahead of her session, Strategic Risk caught up with her to find out what she would be discussing and why risk managers should attend.
Tell me about the ransomware attack you experienced.
Being a crisis management firm, our clients have experienced numerous ransomware attacks of various different forms.
Some of these attacks targeted major companies directly, while others targeted the cloud used by some of my clients. In some cases, the attack came from a subsidiary or another country.
Usually what happens first is that the functioning of a couple of apps begins slowing down. Sometimes, the apps will stop altogether and do not respond anymore.
Then business continuity is affected. Emails do not work, so the company has a hard time communicating with the world and with its own employees.
Anxiety begins to rise - and then comes the ransom. We have to verify whether data is up for sale on the dark web, and if it is, what sort of data has been compromised.
This can lead to GPDR issues and declarations. We may also have to consider ransom negotiation - if it makes sense - as well as discussion with police, and the insurance providers.
How did you respond and what key steps did you take?
We created a crisis committee and got organised to address the top priorities, which are customers and employees
We went around the table (CFO, HR, Insurance, Legal, Operation etc) to understand what could be the worst-case scenario and what sort of mitigation plan we could prepare.
We prepared a communication plan, to proactively engage with all our stakeholders.
What can risk managers learn from the situations you’ve faced?
There are several very pragmatic tips, which can only be known by someone who has faced the situation, including all the stress, emotion, and pressure from the corporate, bank etc.
It’s important to keep in mind long-term thinking. Firms must also be flexible and creative as required by the situation.
What are some of the main things attendees will learn at your Risk-!n session?
Attendees will understand that preparation is key and get some very hands-on tips, not only focused on the crisis management of such a situation but also on how to deal with the emotional side of an attack.
To find out more about the conference, or to register to attend, visit the Risk!n website.
No comments yet