United Bank for Africa - Tabletop Exercise

a) Wait for full confirmation from IT before acting

b) Immediately convene the incident response team and activate the incident response plan

c) Notify all staff to shut down their systems immediately without coordination

d) Escalate only to the CIO and await further direction

a) The Board of Directors

b) The Chief Information Security Officer (CISO) in consultation with the board of directors and senior executives

c) Any IT staff member noticing the issue

d) The external managed service provider

a) Assume all data is stolen

b) Wait for attackers to release data proof

c) Engage the forensics team to analyze network traffic and logs for data exfiltration evidence

d) Contact the regulator to confirm data loss

a) Silence until the attack is fully resolved

b) Publicly deny the incident immediately

c) Allow employees to post clarifications on social media

d) Coordinate internal updates and prepare approved external communication guided by legal and compliance teams

a) Acknowledge the incident, assure investigation and customer protection steps

b) Downplay the incident to avoid panic

c) Share all technical details publicly

d) Redirect media to IT for responses

a) Delay reporting until the ransom deadline

b) Promptly report the incident in line with legal and regulatory requirements

c) Report only after customer data is confirmed leaked

d) Only disclose if compelled by the regulator

a) Immediately pay to restore operations

b) Evaluate payment only after consulting law enforcement, legal counsel, and considering regulatory and ethical implications

c) Refuse payment under all circumstances

d) Let IT decide based on system downtime

a) Use alternative channels like manual processing and communication hotlines to support customers

b) Wait for full system restoration before any response

c) Focus only on recovering systems

d) Blame service providers for the downtime

a) Wait for attackers to release more data before acting

b) Keep the matter confidential to protect reputation

c) Notify affected customers and regulators as per data breach laws

d) Issue a statement denying responsibility

a) Restore from the most recent clean backups and validate system integrity before going live

b) Reconnect encrypted systems to the network immediately

c) Pay the ransom for the decryption key without verification

d) Ignore corrupted backups and start rebuilding systems manually