Don’t Forget the Human
Most organisations are in the process of preparing for a high-impact incident. Our focus as a security community is now on developing the right processes, having the right tools, and getting everyone involved.
Looking back over seven years of responding to major security incidents, I keep coming back to the same observation: We need to make sure that we keep the human side of incidents in mind. We must ensure that we prepare and act in a way that considers the people involved in responding to an incident, those affected by an incident, and their wider communities. If we don’t, we will miss and fail to address an important impact.
In this talk, I invite you to challenge your incident response management system to ensure that the human side of the response is as well-prepared as all the other important elements.
AI Summary
Key facts
- Ransomware and other cyber incidents have a significant human impact, affecting the personal lives of employees and the operational capacity of organizations.
- Many organizations lack a clear understanding of their core mission and priorities, which complicates their response to cyber incidents.
- The majority of incident response plans fail to address the human aspect, focusing instead on technical recovery and procedural steps.
Ideas
- The human side of cybersecurity is often overlooked, especially in incident response plans which typically focus on technical and procedural aspects.
- Asking organizations why they exist can reveal their core mission and priorities, which is crucial for effective incident response and recovery.
- Effective communication during a cyber incident is critical not only for managing the incident but also for maintaining trust with employees, customers, and partners.
- The well-being of employees responding to incidents is vital for maintaining operational efficiency and should be a planned part of incident response.
- Organizations must consider the moral and cultural implications of data breaches, especially concerning sensitive personal and health information.
Keywords
- Cybersecurity
- Human Aspect
- Incident Response
- Ransomware
- Organizational Culture
Quotes
- “most of the ransomware cases in our case but most of the incident and crisis plans, incident management systems and so on don't really take the human side into account”
- “if you do not know why you even should exist, how do you know what to recover first, what's your priority and how do you motivate people to work basically 24/7”
- “communicate, communicate, communicate and I always tell especially upper management to write down in their management systems that they will they should use every idle minute, every idle second to talk to people”
- “you have to make sure that your employees have something to drink, they have something to eat and they take breaks”
Recommendations
- Organizations should integrate the human aspect into their cybersecurity strategies, considering both the emotional and physical well-being of their employees during incidents.
- Develop clear communication plans for incidents, ensuring that all stakeholders are informed, supported, and understand their role in recovery.
- Conduct a thorough review of the data held by the organization, considering the moral and cultural implications of a breach, especially concerning sensitive information.
About the speaker
Gregor Wegberg