An excellent scenario of a ruthless cyber attack, painted eloquently by the BBC, describing the play-by-play action of a very real response by a business that's been put in such a position.
What should the team have done?
- prepared a data breach plan with step-by-step actions to take
- regularly circulated and updated the plan so senior staff were familiar with it
- notified third parties and suppliers
- gathered evidence for the ICO to show how it has handled the issue
- called its cyber-insurance provider for advice and help
- refused to pay the ransom - there's no guarantee they'd get their data back.
Scenario
IT staff at fictional High Street optician Blink Wink's head office have been suckered by a phishing email. Someone clicked on a link to a spoof website because they thought the email looked legitimate. It wasn't. That was two months ago. Today, the proverbial hits the fan...