The presentation covers the following topics relevant in the context of CyberCrime Incident:
The crucial steps after a CyberCrime incident will be presented. From quickly securing the data and isolating the affected systems, to communicating with the law enforcement agencies, to recovery and preparedness, there are lessons learned and specifics that are important to know.
The lecture will clarify the question of whether and in what form an exchange with the police, the perpetrators or the insurance company should take place. In the last decades, special features and experience values have developed for the communication of the aforementioned agencies. Successful communication can also include external communication. In addition, the reporting obligations under data protection law to the competent data protection authorities are dealt with, compliance with which is already imposed per legem. There is also experience on data recovery from those companies that have used professional data recovery services as well as from companies that have recovered data from their own backups. It is also crucial that the police receive all important information so that the investigation process and thus a quick clarification is supported in the best possible way. The precaution of future attacks will also be mentioned in the lecture. A thorough vulnerability analysis and the introduction of new protective measures, if necessary, should better protect the data. Another step can be to raise awareness among employees. Since experience values and best practices are worth a lot in cybercrime incidents, sharing insights is a good idea for everyone involved. If time permits, the presentation will be followed by an exchange of experiences.
Quick skilful action, cooperation with the authorities and the implementation of protective measures are crucial to minimise the impact and prevent future attacks.