Responding to a Heavyweight Disruptive Extortion Attack: A View From the Frontlines

Town Hall Insights
UK CISO Community

Luke Fairless

Director, Technology (Security Program & Capability)

Tesco Plc


Nick Jones


TUI Group


Sarah Lawson

Group CISO



Adam Finkelstein

VP, Cyber Security Services, NA



Every company crisis is a challenge, but cyber-attacks are warfare-like situations in which the implications for the business are significantly amplified. From PR to legal consequences, these threats are not to be ignored, and they are definitely what keeps the community on their toes. The way one responds to this dynamic situation is critical, and CISOs are at the heart of creating strategies that can prepare the business to respond. As there is no playbook for the multitude of scenarios, teams have to adapt and constantly learn how to tackle attacks in a timely manner. 

The key formula: ‘Testing, testing, testing’

In the recent Virtual Town Hall, CISOs learnt how they can respond to an extortion attack, looking at both the attacker and the responder’s perspectives. Leveraging a wealth of experience, Sygnia’s experts walked participants through the steps that attackers take in order to breach company security systems, looking at how they identify vulnerabilities and exploit them. 

As their methods constantly evolve and get more and more creative, so will CISOs have to adapt in order to prevent potential threats to their businesses’ information security. Looking at such real-life events can reveal valuable insights, as one CISO mentioned during the discussion. ‘Testing, testing, testing’ is the key formula; by running through cyber-attack scenarios with their teams, security leaders can see how they respond in order to adapt their crisis management methods. 

One of the community members highlighted how important the role of a CISO is in a cyber-attack through examples from their organisation. Using the word ‘crisis’ and not ‘incident management’ has proved to be most effective in their case, as their team is more likely to take immediate action and put in place crisis management measures.

One measure mentioned by CISO participants includes working with partners who can test the resilience of their teams. Such partnerships are important for the IT department, as an external view can shed light into various potential threats. Another core feature mentioned is communication, and how effectively this can be done across the board. Reaching out to colleagues immediately can have a huge impact in a crisis situation, and it is also important to ensure that lines of communication haven’t been breached by attackers. 

CISOs as critical enablers for the business

In light of the global pandemic, companies have had to make tremendous efforts to adapt to the ‘new normal’, and, naturally, CISOs have had to make sure their resilience and response methods are sufficiently adapted to withstand the latest threats. More than ever before, CISOs are a critical enabler for the business, as one of our participants pointed out. 

Another said, “We are not in a post-Covid world yet, so we cannot predict how things will look as of now. A lot of assumptions that we had made previous to the pandemic have been shaken. Our business continuity plans had to be rethought.”

Coronavirus has created a valuable opportunity for CISOs in that business continuity plans that had been made pre-pandemic now need to be adapted. Shaking the foundation of their assumptions has opened the door to more communication and adaptability. 

Increasingly, there is interest in re-examining all decisions made in the past couple of years, and there is more willingness across the board to spend time looking at the bigger picture and adapting to the challenges of the new environment. It is important for CISOs to act now and take advantage of this overall openness to change in order to implement processes that will benefit the business and help it be more resilient and prepared for future threats. 


An Invaluable Network

The UK CISO Virtual Town Hall was attended by regional and global CISOs from leading organisations such as Deloitte, Ministry of Defence, Adidas, Maersk and Tesco. This is the most senior gathering of information security executives, with 98 percent of participants with C-level or equivalent Head of Function job titles.

This community is built by CISOs and for CISOs, to drive innovative ideas, share forward-looking perspectives and solve critical leadership challenges through peer-to-peer collaboration.

by CISOs, for CISOs


Join the conversation with peers in your local CISO community.