Cyber Security Today, Week in Review for week ending July 5, 2024

Welcome to Cyber Security Today. I’m Howard Solomon, contributing reporter on cybersecurity for

What should management and IT leaders do when their organization is hit by ransomware? To help answer that question today, I’m joined by Imran Ahmad, a partner in the Norton Rose Fulbright law firm and Canadian co-head of the firm’s cybersecurity and data privacy practice. I asked him to be on the show because recently he was part of a workshop at a privacy conference on how to respond to a ransomware attack.

Imran Ahmad: I tell this to every single client of ours, ‘You’re not going to be judged by the fact that you had an incident. It happens a lot. It happens more frequently than people would like to admit. You’re going to be judged on the response — and having that really quick, methodical [incident] response on a go-forward basis is really critical.’

Howard: When you get called for help, how many organizations aren’t prepared?

Imran: I think there’s always some level of preparation within an organization … They know what to do. They have been to conferences, they’ve read about this or they’ve attended sessions with their colleagues or talked to peers. So they have an idea. What they don’t necessarily have a good grasp on is the sequencing of how to proceed. For example, you know you need to communicate with your staff when systems are down, but what do you put in that communication? When do you push it out? How do you push it out? How frequently do you update your staff members? That’s the detail [missing]. Sometimes that can be a bit more challenging and I’ll pause after this one comment. I often say it’s not science but more of an art dealing with breaches. No matter how similar you hear about ransomware incidents attacking organizations, they’re all very, very unique. So you have to adjust accordingly.

Howard: What are the elements of a good ransomware response plan?

Imran: I’ll take your question a bit more broadly in terms of what is a good cyber incident response, and I’ll answer the question sort of in a reverse way: I’ve been teaching a course at the University of Toronto Faculty of Law for the last eight years. And one of the first exercises I do is ask the students to go online and research what in their view were some of the worst [incident] responses they’ve seen anywhere around the world. And almost to a student group, they all come up with the same ones. So you dig in and you ask ‘Why, why are these standing out as being not very good responses to a cybersecurity incident or ransomware incident?’ And three things that come up over and over again.

Number one is, you can be down for a few days. But when you’re down for a month or more something really significant may have happened, which gives people the impression they [the victim organization] weren’t ready for it. Second, they seem to not have a handle on the situation. The communication isn’t clear or they change the story over and over again. New facts are being discovered that weren’t even in the realm of possible before, or they’re correcting previous statements. The third one that comes up is where organizations are being heavily investigated or sued in class actions or Congressional hearings or equivalent litigation is going on. Often just from an optics perspective — not necessarily on the merits — maybe gives the impression that the organization did something wrong because there’s allegations out there. So those three are sort of the hallmarks of poor response. I would argue the opposite would probably be hallmarks of a good response.

(This is a partial transcript of the discussion. To get the full conversation, play the podcast)

A programming note: I’m taking two weeks off to enjoy the summer. I’ll be back Monday, July 22nd.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.