BBCTechnology

Cyber-attack! Would your firm handle it better than this?

What’s it like being the victim of a live cyber-attack? What should you do to protect your company from further damage? And should you pay that ransom demand? Technology of Business eavesdropped on a “war games” exercise hosted by cyber security firm Forcepoint that was based on lots of real-life experiences.
Scenario
IT staff at fictional High Street optician Blink Wink’s head office have been suckered by a phishing email. Someone clicked on a link to a spoof website because they thought the email looked legitimate. It wasn’t. That was two months ago. Today, the proverbial hits the fan…
Tuesday 08:30
Tony Lewis, Blink Wink’s IT administrator, starts his day clearing out the company’s public email inbox of the usual junk and spam. One message stands out. His stomach lurches.
“I have more where this came from. We will be in touch shortly with our demands,” the text says below someone’s name, credit card details and email address.
Tony hopes it’s a hoax, but can’t take the risk. He swallows hard and calls the firm’s security officer, Doug Hughes. Doug isn’t impressed as he’s on holiday in New York where it’s 3:30am.
“This better be good,” he growls. Tony forwards the suspect email.
“Have we validated the credit card number?” Doug asks, tension evident in his voice now. “Is it one of our customers?”
“I don’t know yet,” admits Tony.
“Well, when did we get this?” Doug snaps.
“Um… well… it seems we got it yesterday just after I’d left work, so I didn’t notice it until this morning.”
“So we’re at least 12 hours into this?”
“Um, yeah,” Tony mumbles sheepishly.

Source: BBC

Comment here