April 4, 2023
Cyber Crime and Negotiator Response

The demand for Negotiators to respond to hostage-taking and extortion has always existed but has risen dramatically over the last decade or so. The rise in extortion, and in particular cyber-extortion, is fuelled by the reliance on digital means for conducting business and maintaining an online presence. How a business responds to a cyber-attack will depend upon the nature and intention of the attack. Using a Hostage Negotiator has many benefits. Meaningful engagement with the cyber-criminal to prevent unintended escalation being just one.

My colleagues and I from negotiatedresolutions.com, and like most Police Negotiators, qualified initially as Crisis Negotiators and subsequently completed specialist training and continuous professional development to respond to incidents involving hostage-taking and extortion. The demand for Negotiators to respond to hostage-taking and extortion has always existed but has risen dramatically over the last decade or so. The rise in extortion, and in particular cyber-extortion, is fuelled by the reliance on digital means for conducting business and maintaining an online presence.

In recent years, cyber criminals have exploited misaligned networks as organisations moved to remote working which was accelerated by the global health pandemic. In 2020, malware attacks increased by 385% when compared to 2019. 2021 saw a 125% increase in cyber-attacks globally and clearly poses an existential threat to businesses and individuals. Other geo-political considerations across the world also increased the threat and volume of cyber-attacks.

 Nearly 1 billion emails were exposed to cyber-attacks in a single year, affecting 1 in 5 internet users.

 There were around 236.1 million ransomware attacks in the first half of 2022.

 The UK and USA have considerably more victims of cyber crime per million internet users compared to other countries.

 39% of UK businesses reported suffering a cyber-attack in 2022.

 In 2022, data breaches cost businesses an average of £3.55 million ($4.35 million).

 The most common cyber threat facing businesses and individuals is phishing.

What Should I Do?

How a business responds to a cyber-attack will depend upon the nature and intention of the attack. Whatever the case, it is true that prevention is better than cure and businesses and individuals should carefully consider their cyber security.

 What is your perception of how much security you should wrap around your digital assets?

 Have you considered an internal or outsourced Security Operations Centre (SOC) to provide real-time network monitoring and protection?

 Are you confident your network is secure and have you considered penetration testing?

 Do you have robust cyber security processes and policies covering software, hardware and, most importantly, the individuals with access to your network?

 Do you hold insurance covering cyber-attacks – Kidnap and Extortion Insurance (K&E)?

 Do you have access to specialist support, including a Hostage Negotiator, in the event of an attack?

Why Do I Need a Negotiator?

The UK Government and the Federal Bureau of Investigation (FBI) advise organisations to avoid negotiating with cyber-criminals and do not endorse the payment of ransoms. The argument is that the payment of a ransom sets a dangerous precedent and is likely to encourage further attacks. The appetite to resolve incidents in the business world is completely different.

A mantra that I follow is ‘engagement does not imply approval’. On many occasions, I have had detailed conversations with kidnappers and extortionists regarding their demands for ransom payments in exchange for the release of hostages.

Locking you or your customers out of your organisation’s network or stealing your valuable data is hostage-taking by any definition. Using a Hostage Negotiator has many benefits which, amongst others, include:

 Meaningful engagement with the cyber-criminal to prevent unintended escalation.

 The capture of evidence of any criminality which may assist in the prosecution of the cyber-criminal.

 The development of intelligence to assess the continuing risk to the organisation and individuals.

 The introduction of realistic delays around the meeting of a ransom demand to facilitate the development of intelligence, to allow the network to be rolled back to an identified back-up point and testing of the system to identify the mode of attack.

 Reduce the expectation of the cyber-criminal.

 Discourage or minimise any unilateral action taken by others.

 Liaise with law enforcement if applicable.

I hope that this short high-level blog has given you something to think about.

Stephen McNeill

Negotiator/Trainer
Read More
News

“Freedom only to speak inoffensively is not worth having.” Lord Justice Sedley in Redmond-Bate v DPP

Stephen McNeill

Protest Liaison should be considered a critical function in managing demonstrations and activism on campus and is intended to contribute to ensuring compliance with the Act.

News

A Former Hostage Negotiator's Guide to Active Listening

Listen to this podcast episode where we explore the art of negotiation and the power of active listening. Negotiation is an essential skill in both personal and professional life, and it requires a unique set of skills to master. In this episode, Kirk shares his insights and provides practical strategies for success in negotiations.