No cyber panic! Know what to do during a cyber attack.
- Because, who is part of a crisis team during a crisis?
- How do you initiate a digital forensic investigation?
- How do you protect your organization against data loss and reputational damage?
- Who should you inform in the event of a cyber attack?
- And, what are the first steps in the event of a ransomware attack?
What will you train on?
During Hack The Hague on September 30, a Cyber Crisis Training for entrepreneurs will be organized by the Municipality of The Hague and CCRC (Cyber Chain Resilience Consortium) in collaboration with Security Delta (HSD). Here’s what the training will offer you:
- Experience realistic exercise scenarios under the guidance of top professionals from the cybersecurity field.
- Share experiences with other entrepreneurs.
- Receive insights and concrete tools to take back to your own organization.
The goal of the Cyber Crisis Training is to gain insight into what to do when faced with a cyber crisis. The training is intended for entrepreneurs who want to better understand cyber risks, become aware of the dangers of working online, and learn how to better prepare for a cyber attack.
When: Monday, September 30, 2024
Time: 3:00 PM – 6:00 PM
Location: Council Chamber, City Hall The Hague
A cyber attack scenario...
We will take you through a fictional cyber crisis and provide examples of how, by participating in a Cyber Crisis Training, you can mitigate damage and manage the crisis.
The attack
It’s Friday morning at 9:00 AM when the phone rings at HaagsOnline: “Yes, this is the branch in Utrecht; I can’t access the system!” Various reports are coming in at the headquarters. HaagsOnline also receives a general mailing about a technical outage. Shortly after, HaagsOnline is no longer reachable by phone and email communication has failed. A colleague sees the following message on X: “I’ve heard through my network that a large accounting office in the Netherlands has been hacked and that a ransom is being demanded; can anyone confirm this?”
This situation requires immediate action. During the Cyber Crisis Training, you will learn that upon the first signs of a cyber attack, you should assemble your crisis team. Keep the crisis team small and effective, with roles such as a chairperson, security/privacy officer, and a communication expert.
Securing and Communication
Susan Ritsen, CEO of HaagsOnline, informs both internal and external stakeholders about the extensive incident on Friday at 1:30 PM. Since Thursday evening at 11:14 PM, HaagsOnline has fallen victim to ransomware. The criminal group, known as BitLocker 3.0, has encrypted all data and claims to have a copy of all customer information. A ransom of 22 bitcoins has been demanded, to be paid within seven days.
In the event of such a notification, it is important not to act impulsively. Immediately disconnect the network from the internet and turn off Wi-Fi. This prevents further spread of the malware and protects your backups. Ensure that automatic backup processes are halted in consultation with IT to prevent further dissemination of the infection. A communication expert within the crisis team must coordinate all internal and external communications to prevent misinformation and to keep employees and customers informed quickly and in a controlled manner.
Forensic Investigation and Negotiations
Later in the day, an update call follows from HaagsOnline. Together with forensic experts, further investigation is conducted. It turns out that the attackers gained access through an email containing an infected attachment. There has been no access to the networks of the customers, but the data of HaagsOnline has been encrypted and may have been copied.
At this stage, it is essential to seek professional assistance. It is advisable to document the contact details of the process owners. You should also check the coverage of your cyber insurance and, in consultation with legal and insurance experts, determine how to respond to the ransom demand in this case.
Evaluation
When evaluating the action items, it is important to consider the notification obligation. For example, a data breach must be reported to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours. This is a crucial step to comply with laws and regulations and to avoid potential fines.
Do you want to go through a scenario yourself during the Cyber Crisis Training? Sign up for free for the Cyber Crisis Training organized by the Municipality of The Hague and learn what you can do!