Technology Competitive Response
.pdf
School
University of Economics Ho Chi Minh City**We aren't endorsed by this school
Course
BOOK 2013
Subject
Information Systems
Date
Jan 1, 2025
Pages
6
Uploaded by tranngannt2000
To pay or not to pay? Drill: Overall context > Company background You are staffed internally, on a knowledge development project with the head of the firm's business technology practice. You've been asked to investigate the proliferation of ransomware attacks and their impact on the business community in the US. The term "ransomware" refers to a family of malware programs which lock IT systems (e.g., by disabling the keyboard) or prevent access to files (e.g., through encryption) and hold them "hostage” pending a ransom payment, usually delivered in Bitcoin. Although ransomware has existed for decades - the first attack was distributed via floppy disk in 1989 - the programs have become increasingly advanced and the incidence rate has recently skyrocketed. It is estimated that more than 700,000 corporate users are affected by ransomware each year. If your research unearths interesting findings, the head of the group wants to submit a paper to one of the firm's widely- circulated publications, on which you would be a co-author. Part 1: Structure( » Play) Drill type: Structure, Category: Cost analysis The crux of the problem that the partner wants to answer is what companies should do in these crises. Depending on the type of malware, businesses may have only a few days to respond - and ransoms may increase or files may even be deleted each hour they do not pay up. Time is short and risk is high. The partner wants to arrive at a response playbook for companies which become infected, answering the ultimate question: Should you pay? Your response(s) Type answer | Record audio What problem are you solving? How will your framework solve it? Bucket 1 Sub-bucket Sub-bucket Sub-bucket ® Add Bucket 2 Sub-bucket Sub-bucket Sub-bucket ® Add ® Add bucket 1/6
Part 2: Quantitative Drill type: Quantitative, Category: Estimating cost You reason that, like the government, a company's default position should be not to pay a ransom. To that end, you dig in on the underlying costs associated with not paying, and unearth the following information: 1) While certain high-profile attacks against larger businesses have requested a single, large dollar amount in the tens of thousands (e.g., against the Hollywood Presbyterian Medical Center in 2017), most attacks are more decentralized and targeted at midsize companies. Typically, devices are individually encrypted with unique decryption keys and a ransom is demanded per device. 2) 10,000 or more devices have been affected in a single attack, but the average is closer to 200. While devices can be wiped and restored in some cases, uncertainty about lingering code causes most companies to choose to replace the devices entirely. 3) Most midsize businesses lack the internal IT capabilities to health check systems and improve security following an attack. A third-party IT security firm is typically needed for a 4-week engagement, and charges in the range of $10,000 per week. 4) For 5% of midsize businesses, the commission of business is fully disrupted for two days - fully preventing the delivery of goods or services and thus the generation of revenue. What is the total cost associated with the typical attack, should the company choose not to pay the ransom? Your response(s) (2 Type answer | Record audio Type Description Value(s) Assumption v Step description (e.g., 180M Households / 3 people per HH...) Value or n/a © ® Add Final sizing Final sizing Part 3: Charts & data Drill type: Charts & data, Category: Chart analysis Having looked at the costs of not paying, you decide to switch to the alternative. A report you are reading includes the following histogram on ransom demands per device. Based on this data, how much would a typical company have to pay out? 2/6
Ransomware dollar demands, US respondents Percent of surveyed respondents 36% r-_fl 20% - N om Ed 10% - L___—‘ J L — | 0% S500 or less $501-1,000 $1,001-5,000 $5,001-10,000 Your response(s) Type answer | Record audio Type Description Value(s) Assumption Step description (e.g., 180M Households / 3 people per HH...) Value or n/a © @ Add Final sizing Final sizing Part 4: Brainstorm Drill type: Brainstorm, Category: Assessing risk You're working directly with the head of the business technology group, with no intervening levels of oversight on this project. You've sat down with him to review your initial math on the costs of paying vs. not paying. He comments that the numbers you've run are relatively close, and don't point to an overwhelmingly clear choice. He thinks that understanding the risks associated with each path may help clarify the question. What are some potential risks of either paying or not paying? Your response(s) Type answer | Record audio Category(ies) Item(s) 3/6
Your category here... @ Add category An item here... ® Add Part 5: Quantitative Drill type: Quantitative, Category: Finding revenue breakpoint After talking through the risks, the group head comments that the risk of perpetrators failing to decrypt machines is nontrivial - in 1/4 of cases, it turns out the hostage takers don't decrypt your devices even when you pay. He asks you to incorporate this into your math. He also proposes a reframing on the lost revenue math. Rather than framing the entire analysis in terms of a $500m revenue company, he proposes you instead identify the revenue breakpoint at which not paying becomes more costly than paying. After leaving his office, you return to Excel to finalize your analysis. Your response(s) . (2 Type answer | Record audio Type Description Value(s) Assumption v Step description (e.g., 180M Households / 3 people per HH...) Value or n/a © ® Add Final sizing Final sizing Part 6: Synthesis Drill type: Synthesis, Category: Strategy recommendation The final ask from the group head is to outline a three-to-five point playbook for how to respond in the days following a ransomware attack. Based on what you have learned so far, what do you recommend? Your response(s) Type answer | Record audio 4/6
Enter your core components here... © 7 ® Add Part 7: Synthesis Drill type: Synthesis, Category: Summarization The group head is pleased with the results of the project, and decides to move forward with publishing a paper. You, of course, will be carrying out the drafting of the document. You decide to begin with an outline, summarizing the major points. Your response(s) Type answer | Record audio Enter your insightful answer here... / Case Summary: To pay or not to pay? Return to all cases Category: Technology and telecommunications > Dealing with a ransomware attack Drill type Time taken Expert answers 1. Structure O Review answer 2. Quantitative O Review answer 3. Charts & data O Review answer 4. Brainstorm 0] Review answer 5. Quantitative O Review answer 6. Synthesis O Review answer 7. Synthesis O Review answer See RocketBlocks Experts walk through this case 5/6
Tricky consulting case interview: malware attack response (... Return to all cases About Free resources Interview prep Resume advice Launch your career. 12 MC Ventures, LLC Copyright 2023 6/6