You might think your corporate email accounts are safe enough, maybe you have a decent password policy, and your email service does a pretty good job of filtering suspicious emails and malicious URLs. Still, there are ways attackers could gain access, and the playing field isn’t level, cybersecurity threats are [...]
In recent years more and more data breaches seem to have reached world-wide publicity. Rightly so: after all, most companies collect and store vast amounts of PII for their services (see all the GDPR scare and hissy fit for proof), thus a compromise usually means the loss, or worse, the possible theft and abuse of highly sensitive personal data. In other words: many people are put in the awkward position, where they know they should be worried and are angry with the company – even though the victim of the actual crime is the company itself. I find this modern sociological phenomenon fascinating; and when the CEO-s, representatives and communication people of said companies clash with their customers during a case like this is usually even more interesting. Sometimes I honestly get the feeling that most companies still haven’t realised that being “hacked” (more precisely, being a victim of any kind of cyber-crime, be it a financially motivated ransomware or a sophisticated case of corporate espionage) is not a question of “if”, it is a question of “when”. Therefore, my friend and colleague, Janos and I decided to take a look at the way large corporations handle this unique PR situation – only to find that they usually do not handle it well at all. So, we took the worst of the worst and tried to analyse and compare them, in order to determine the DOs, and especially the DON’Ts of cyber incident communication. And though our findings seem completely obvious, even recent examples seem to prove that this needs to be thought through – because when the storm hits, there will be no time for that. (All right, we did put in some good examples as well – they do exist, you know! Just take the Maersk case in 2017, or Norsk Hydro this March. And some say you do not even have to have “rsk” in your company name to get it right!) This was the presentation we delivered on the Start-up Safari event in April, to a room full of (by the end at least) interested and interactive youngsters, and it was excellent fun. Many thanks to the organisers, and our great audience – we really hope to see you again next year!
Incident – Ryuk We have recently been contacted by a company in the CE region to do incident response for them. Like with many incidents in the past couple of ...
You might think your corporate email accounts are safe enough, maybe you have a decent password policy, and your email service does a pretty good job of filtering suspicious emails and malicious URLs. Still, there are ways attackers could gain access, and the playing field isn’t level, cybersecurity threats are asymmetric. Meaning an attacker wins ...