Cyber extortion (typically but not always using ransomware) has become a billion dollar “business.” Individuals and companies of all sizes and industries are vulnerable. For health, safety, and financial stability reasons, regulators have heightened expectations for data “availability” as a critical component of security. In the digital arena, as elsewhere, disaster recovery and business continuity have a seat at the head table for incident response planning purposes. And companies have to be prepared to make and carry through with tough decisions. Is there anything worse than paying a criminal to get your property back? Maybe so, although hopefully careful preparations will save the day or avoid the problem to begin with. This panel includes (i) an “in the trenches” analyst/consultant with plenty of experience scrutinizing, negotiating with, and, yes, paying the bad guys; (ii) the Law, in the form of the FBI, who is interested in gathering forensic data, catching the bad guys, and deterring future attacks; and (iii) a lawyer/coach, to whom companies may turn for governance, policy, and legal compliance advice. The panelists will discuss how to deal with a cyber extortion situation, how things are likely to go down if a decision is made to pay, what you may wish you had done or thought of, and what the law and law enforcement have to say about doing business this way.
[Programming descriptions are generated by participants and do not necessarily reflect the opinions of SXSW.]