The Situation/Threat Summary Internet gambling and online crime go hand in hand, Internet gambling attracts quite a number high number of online criminals hungry for easy money. Since March 2018 I have been the IT security manager at The Marble Online casino. Since then, we have faced many different online threats in casinos, but not like the latest ones. Last Monday we received a cyber extortion email from an online criminal group threatening to take the casino offline using a Distributed Denial of Service (DDoS) attack unless the casino paid a ransom of 5 BTC. When this happened, we alerted the casino's IT security team so they were prepared for a possible imminent DDoS attack and took no further action. At the time, The Marble did not have an existing system to prevent this type of attack. Not long after, four days later, the DDoS attack was launched against the casino on a Friday evening and for 30 minutes the casino website was forced offline. As a result, casino users could not play for 30 minutes as the casino was unavailable to them. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an original essay The main lesson we can take from this unfortunate incident is the vital importance of having DDoS protection hardware installed at the Internet's edge – something IBM and ABS reportedly believed they didn't need. This type of protection is the only way to protect an organization's entire security infrastructure in the event of an attack. If our customers had suffered such an attack, they probably wouldn't have even noticed the attack taking place and it certainly wouldn't have compromised them from a security perspective. Because DDoS attacks target a full spectrum of security risks, it is important to defend your entire security infrastructure and data from potential threats. A proactive and robust cybersecurity strategy, clearly communicated throughout your organization, is your company's best defense against cyber attacks. Designing and implementing an incident response plan is a critical component of an effective cybersecurity program. One of the reasons Dyn was able to quickly mitigate the attack is that it already had a response plan ready. The hackers involved in this incident designed and implemented a unique attack approach, and Dyn was still able to stabilize the breach before it destroyed the company. Your company's cybersecurity strategy must incorporate the ever-changing nature of cyber threats. Focusing too narrowly on specific incidents could hinder your company's ability to respond. CFOs must ensure their companies are ready to respond to new attack methods by running “what-if” scenarios and testing response capabilities. Your company may not always be fully prepared for designed attacks, but by testing your controls you can reduce recovery times and costs. On the other hand, it's important not to overcomplicate your response plan. Including recovery steps for all possible scenarios will result in a complex document that will not allow employees to act quickly. Your plan should instead focus on specific recovery scenarios for critical business data, functions and supply chain. Focus on creating an incident response program that works in multiple scenarios, taking into account people,places, procedures and communications. Dyn clearly had a team of experienced professionals at their disposal to resolve an attack that could destroy their business. Every business, large or small, can take a similar approach to combat cybercriminals. CFOs are spending millions of dollars on software and technology to protect their companies from cybercrime and should invest more money in training their staff. According to Verizon's 2016 Data Breach Investigations Report, human error is the leading cause of cybercrime. Training employees about the dangers of cyberattacks must include more than simply sending them a list of dos and don'ts. Become more creative. Consider using gamification for training exercises to present real-life scenarios to employees. One way to achieve this is to pretend that hackers are trying to obtain proprietary information from your employees. If your office doesn't respond appropriately, the experience could prove to be a great lesson for everyone. For example, you don't want your employees to click on suspicious links in emails, so you instruct them to forward suspicious links to the security team. Then you send a gradual test email to see what they do. When a user answers correctly, they are rewarded by being entered into a drawing for a $100 gift card, the winner is drawn quarterly. How to implement the playbook to ensure stakeholders are aware and engaged in the recommended steps. Be clear about the purpose of stakeholder engagement. Purpose will underpin the entire approach, influencing who will be involved, how they will be involved and what to commit to. Get the right people involved. To identify the right stakeholders, it should be clear why they need to be involved and what the extent of the involvement will be. Who needs to know? Who has an interest? The answers will ultimately determine the composition of the target group of stakeholders. Also consider the risks to implementation if particular stakeholders are not involved. There is no one-size-fits-all approach to engaging stakeholders – each interaction should be personalized. Stakeholders have different skills, objectives and capabilities to interact with government. Don't assume that what worked for one situation will work for another. Often a mix of approaches will be needed and you may need the flexibility to adapt your approach quickly. Stakeholders should have a clear understanding of how their input will be used and the degree of influence their input will have when approaches to policy design and implementation are formulated. When stakeholder expectations cannot be met, anger, frustration, or cynicism may result, which will affect the current and future relationship with government. The purpose of the effort and the role of the participants, including how their contribution will be used, must be clear from the beginning. Engagement isn't just about gathering information. It is a process of responding to information to shape and improve the quality of the initiative. Information from stakeholders can also indicate whether the approach to engagement itself needs to change. Greater organizational benefits will arise if you share lessons learned from engagement across your agency, particularly where your agency regularly interacts with the same group of stakeholders on a variety of issues. Map your stakeholders Identify all stakeholders who will have an impact or influence.