Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Cyber Crime: Preparing Your Organization for the New Normal

Cyber crime is rampant and every organization must prepare itself for the when, not if, they will have a data breach. This presentation was given at Pworld's Crisis Communications Boot Camp in Ottawa, CA June 13, 2019

  • Login to see the comments

  • Be the first to like this

Cyber Crime: Preparing Your Organization for the New Normal

  1. 1. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies
  2. 2. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies CYBER CRIME: Preparing Your Organization for the New Normal Sandra Fathi President, Affect Email: sfathi@affect.com tweet: @sandrafathi web: affect.com blog: techaffect.com Pworld Crisis Communications Ottawa, CA June 13, 2019
  3. 3. PROPRIETARY & CONFIDENTIAL 3@sandrafathi SECURITY EXPERIENCE
  4. 4. PROPRIETARY & CONFIDENTIAL 4@sandrafathi CRISIS EXPERIENCE • Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies) • Product Recall for Potential Lead Poisoning (Baby Product) • Hurricane Sandy, Hurricane Irene (ConEd) • Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd) • Hit & Run (By Company Employee) • Sexual Harassment and Executive Misconduct (By CEO) • Executive Arrest for DUI • Terrorist Activity Interrupts Operations (Tech Company) • Foreign Mafia Threats on Executives (Tech Company) • Employee Kidnapping/Release by Militia (Tech Company)
  5. 5. PROPRIETARY & CONFIDENTIAL 5@sandrafathi ANATOMY OF A BREACH How does it start? • IT discovers a breach • Customers alert company regarding an issue • Anonymous post on a social network • Employee finds data for sale on the dark web • A journalist calls • A hacker makes contact
  6. 6. PROPRIETARY & CONFIDENTIAL 6@sandrafathi BASIC INSTINCTS 1. Triage – Stop the bleeding 2. Diagnose – Identify the nature of the breach 3. Investigate – Find the root cause 4. Repair – Implement technical fix 5. Communicate – Inform executive team • Inform legal counsel • Inform marcom • Inform authorities • Inform customers • Inform media Takes too long Doesn’t always happen
  7. 7. PROPRIETARY & CONFIDENTIAL 7@sandrafathi SELF-PRESERVATION Justifications • We don’t know if data was accessed • No critical data was accessed • It’s fixed. We’re out of danger • Very few customers were impacted • We don’t want to bring more attention to it • We don’t know all the facts, so we’ll wait until we do • We don’t want to appear incompetent • We don’t want to lose our jobs, customers, revenue etc.
  8. 8. PROPRIETARY & CONFIDENTIAL 8@sandrafathi ANY INDUSTRY – ANY TIME
  9. 9. PROPRIETARY & CONFIDENTIAL 9@sandrafathi HEADLINE NEWS
  10. 10. PROPRIETARY & CONFIDENTIAL 10@sandrafathi OLD & NEW THREATS
  11. 11. PROPRIETARY & CONFIDENTIAL 11@sandrafathi ALL 50 STATES
  12. 12. PROPRIETARY & CONFIDENTIAL 12@sandrafathi ALL 50 STATES
  13. 13. PROPRIETARY & CONFIDENTIAL 13@sandrafathi WHO’S IN THE ROOM Crisis Drills/Tabletops • Tech Leadership • Executive Leadership • Legal Counsel • Operations • Communications*** Photo Credit: CyberBit
  14. 14. PROPRIETARY & CONFIDENTIAL 14@sandrafathi FOUR PHASES OF CRISIS COMMUNICATION
  15. 15. PROPRIETARY & CONFIDENTIAL 15@sandrafathi I. READINESS Anticipating a Crisis 1. Crisis Mapping (SWOT Analysis) 2. Policies & Procedures (Prevention) 3. Crisis Monitoring 4. Crisis Communications Plan • Crisis Action Plan • Crisis Standard Communications Templates • Crisis Drills Photo Credit: CyberTraining 365 Blog
  16. 16. PROPRIETARY & CONFIDENTIAL 16@sandrafathi THREAT MAPPING HR Sales Marketing Finance IT People Products Facilities Environment Information Other Rank Order High Risk to Low Risk
  17. 17. PROPRIETARY & CONFIDENTIAL CHANNEL MAPPING
  18. 18. PROPRIETARY & CONFIDENTIAL II. RESPONSE 1. Develop materials: • Messages/FAQ • Prepared statements • Press release template • Customer letters 2. Train employees • Awareness • Anticipation • Organizational Preparation 3. Prepare channels: • Hotline • Dark site • Social Media 4. Data Breach/Customer Assistance Resources • Microsite/Landing Page FAQ • Identity Theft Remediation Services • Force Password/Account Information Change • Special Customer Advocate/Team
  19. 19. PROPRIETARY & CONFIDENTIAL PREPARING A RESPONSE 1. Don’t delay 2. Acknowledge situation 3. Acknowledge impact and victims or potential victims 4. Commit to investigate 5. Commit to sharing information and cooperation with relevant parties 6. Share corrective action plan if available 7. Respond in the format in which the crisis was received** @sandrafathi
  20. 20. PROPRIETARY & CONFIDENTIAL PUBLIC BREACH NOTIFICATIONS @sandrafathi 1. What happened? 2. What do we know? 3. Who/what was impacted? 4. How do we feel about it? 5. What are we going to do about it? 6. When are we going to do it? 7. Who is involved in this process? 8. When/how will we communicate next?
  21. 21. PROPRIETARY & CONFIDENTIAL CUSTOMER COMMUNICATION 1. Introduction: Why are we contacting you? 2. What happened? 3. What information was compromised? 4. What are we doing to remedy the situation? 5. What can you do to prevent/mitigate further risk? 6. Where can you find more information? @sandrafathi
  22. 22. PROPRIETARY & CONFIDENTIAL III. REASSURANCE Who to Reassure? - All Stakeholders: Customers, Prospects, Public, Shareholders, Employees, Partners, Media etc. 1. Develop full response plan • Policies & procedures • Technology • People 2. Put plan into action: Immediate remedy 3. Communicate results of plan and impact 4. Reaffirm commitment to correction 5. Demonstrate results of program @sandrafathi
  23. 23. PROPRIETARY & CONFIDENTIAL IV. RECOVERY Rebuilding reputation, trust and customer loyalty Implementing preventative measures for long-term crisis mitigation and/or prevention 1. Review need for operational, regulatory, environmental and employee changes 2. Develop long-term plan including policies and prevention tactics 3. Reassess crisis plan 4. Regain customer/public trust @sandrafathi
  24. 24. PROPRIETARY & CONFIDENTIAL 24@sandrafathi CASE STUDY: EQUIFAX • March – Apache vulnerability discovered, patch issued next day • May-July – Hackers infiltrate Equifax servers with more than 9,000 requests. ~145M records are accessed, nearly 44% of US Population • July 29 – Equifax discovers breach • Sept 7 - Equifax issues public statement • Sept 8 – Equifax shares plunge 13.7% • Sept 12 – CEO apologizes in USA Today Op-Ed • Sept 15 - Equifax announces CIO & CSO are retiring • Sept 21 – Equifax admits sending victims to bogus website ‘securityequifax2017.com’ • Sept 26 – CEO retires • Oct 3 – Former CEO testifies for the first time (of four) in Congress
  25. 25. PROPRIETARY & CONFIDENTIAL 25@sandrafathi MEDIA REACTIONS
  26. 26. PROPRIETARY & CONFIDENTIAL 26@sandrafathi CONSEQUENCES TO DATE • CEO, CIO, CSO ‘Retire’ • 2 employees indicted for insider trading (CIO & Developer) • CEO testifies at 4 Congressional hearings • 8 State bank regulators impose orders for increasing security, auditing and reporting • CA passes law imposes sanctions/fines for each data breach (up to $750 per record, effective Jan 2020) • AL & ND penalties for delayed notifications (60 days/$10K and 45 day/$5K) • Federal bill for FREE credit ‘freeze’ and ‘thaw’ from all three large bureaus (previously $5-$10 each) • 30+ Consumer class action suits
  27. 27. PROPRIETARY & CONFIDENTIAL 27@sandrafathi BEST PRACTICES I 1. Implement Policies to Address Potential Vulnerabilities 2. Establish a Regular Review Cycle for Crisis Preparation 3. Establish Inter-Departmental Cooperation 4. Establish a Framework for Response 5. Build a Crisis Communications Toolkit
  28. 28. PROPRIETARY & CONFIDENTIAL 28@sandrafathi BEST PRACTICES II 6. Know Where & How to Respond 7. Prepare Your Employees in Advance 8. Establish Assistance Services for those Impacted 9. Know the Relevant Legal & Regulatory Requirements 10. Be Honest, Be Transparent
  29. 29. PROPRIETARY & CONFIDENTIAL March 4, 2010Affect Strategies Sandra Fathi President, Affect Email: sfathi@affect.com tweet: @sandrafathi web: affect.com blog: techaffect.com Slides Available: Slideshare.net/sfathi

×