Cyber & IT Supervisory Forum - November 2023

 Customer Informa Ɵ on Database: ‐ Overview: Holds cri Ɵ cal borrower informa Ɵ on, including payment histories, contact details, and transac Ɵ on records. ‐ Impact:  Inaccessible User Data: Borrower informa Ɵ on, including payment histories and contact details, remains inaccessible.  Communica Ɵ on Infrastructure: ‐ Overview: The email server, essen Ɵ al for internal and external correspondence, including vendors that support mul Ɵ ple aspects of the sub ‐ servicing work. ‐ Impact:  Customer Service Issues: The company’s ability to respond to borrower inquiries about their loans and accounts is currently unavailable.  Communica Ɵ on Interrup Ɵ on: Email and messaging, both internal and external, is compromised. This prevents communica Ɵ on between the regional servicing facili Ɵ es and the home o ffi ce.  Document Repository: ‐ Overview: The system for securely storing and retrieving essen Ɵ al documents related to client por ƞ olios. ‐ Impact:  Inaccessible Document Data: Essen Ɵ al client documents and records remain inaccessible. IT sta ff has conferred with senior management and the Board, and it has been decided that ac Ɵ va Ɵ on of the incident response plan is warranted. IT sta ff begin to take steps to immediately take the company’s network o ffl ine to try and contain the spread of ransomware. The company’s opera Ɵ on, including the regional o ffi ces, has now e ff ec Ɵ vely been brought to a stands Ɵ ll. 1.) Now that ransomware has been iden Ɵ fi ed within the organiza Ɵ on, what are some of the ini Ɵ al technical and administra Ɵ ve steps the organiza Ɵ on should be taking to address the incident? 2.) Let’s now think about how incident communica Ɵ ons happen within the organiza Ɵ on. a. Once the incident response plan has been ac Ɵ vated, how and to whom might the details of the incident be communicated within the organiza Ɵ on? b. Who within the organiza Ɵ on might poten Ɵ ally be involved in the internal communica Ɵ ons component of the incident response process? INCIDENT RESPONSE:

7