PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies
CYBER CRIME:
Preparing Your Organization for the New Normal
Sandra Fathi
President, Affect
Email: sfathi@affect.com
tweet: @sandrafathi
web: affect.com
blog: techaffect.com
Pworld Crisis Communications
Ottawa, CA
June 13, 2019
SECURITY EXPERIENCE
CRISIS EXPERIENCE
• Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies)
• Product Recall for Potential Lead Poisoning (Baby Product)
• Hurricane Sandy, Hurricane Irene (ConEd)
• Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd)
• Hit & Run (By Company Employee)
• Sexual Harassment and Executive Misconduct (By CEO)
• Executive Arrest for DUI
• Terrorist Activity Interrupts Operations (Tech Company)
• Foreign Mafia Threats on Executives (Tech Company)
• Employee Kidnapping/Release by Militia (Tech Company)
ANATOMY OF A BREACH
How does it start?
• IT discovers a breach
• Customers alert company regarding an issue
• Anonymous post on a social network
• Employee finds data for sale on the dark web
• A journalist calls
• A hacker makes contact
BASIC INSTINCTS
1. Triage – Stop the bleeding
2. Diagnose – Identify the nature of the breach
3. Investigate – Find the root cause
4. Repair – Implement technical fix
5. Communicate – Inform executive team
• Inform legal counsel
• Inform marcom
• Inform authorities
• Inform customers
• Inform media
Takes too long
Doesn’t always happen
SELF-PRESERVATION
Justifications
• We don’t know if data was accessed
• No critical data was accessed
• It’s fixed. We’re out of danger
• Very few customers were impacted
• We don’t want to bring more attention to it
• We don’t know all the facts, so we’ll wait until we do
• We don’t want to appear incompetent
• We don’t want to lose our jobs, customers, revenue etc.
ANY INDUSTRY – ANY TIME
HEADLINE NEWS
OLD & NEW THREATS
ALL 50 STATES
WHO’S IN THE ROOM
Crisis Drills/Tabletops
• Tech Leadership
• Executive Leadership
• Legal Counsel
• Operations
• Communications***
FOUR PHASES OF CRISIS COMMUNICATION
I. READINESS
Anticipating a Crisis
1. Crisis Mapping (SWOT Analysis)
2. Policies & Procedures (Prevention)
3. Crisis Monitoring
4. Crisis Communications Plan
• Crisis Action Plan
• Crisis Standard Communications Templates
• Crisis Drills
THREAT MAPPING
Columns: HR, Sales, Marketing, Finance, IT
Rows: People, Products, Facilities, Environment, Information, Other
Rank Order: High Risk to Low Risk
CHANNEL MAPPING
II. RESPONSE
1. Develop materials:
• Messages/FAQ
• Prepared statements
• Press release template
• Customer letters
2. Train employees
• Awareness
• Anticipation
• Organizational Preparation
3. Prepare channels:
• Hotline
• Dark site
• Social Media
4. Data Breach/Customer Assistance Resources
• Microsite/Landing Page FAQ
• Identity Theft Remediation Services
• Force Password/Account Information Change
• Special Customer Advocate/Team
PREPARING A RESPONSE
1. Don’t delay
2. Acknowledge situation
3. Acknowledge impact and victims or potential victims
4. Commit to investigate
5. Commit to sharing information and cooperation with relevant parties
6. Share corrective action plan if available
7. Respond in the format in which the crisis was received**
PUBLIC BREACH NOTIFICATIONS
1. What happened?
2. What do we know?
3. Who/what was impacted?
4. How do we feel about it?
5. What are we going to do about it?
6. When are we going to do it?
7. Who is involved in this process?
8. When/how will we communicate next?
CUSTOMER COMMUNICATION
1. Introduction: Why are we contacting you?
2. What happened?
3. What information was compromised?
4. What are we doing to remedy the situation?
5. What can you do to prevent/mitigate further risk?
6. Where can you find more information?
III. REASSURANCE
Who to Reassure? - All Stakeholders: Customers, Prospects, Public, Shareholders, Employees, Partners, Media etc.
1. Develop full response plan
• Policies & procedures
• Technology
• People
2. Put plan into action: Immediate remedy
3. Communicate results of plan and impact
4. Reaffirm commitment to correction
5. Demonstrate results of program
IV. RECOVERY
Rebuilding reputation, trust and customer loyalty
Implementing preventative measures for long-term crisis mitigation and/or prevention
1. Review need for operational, regulatory, environmental and employee changes
2. Develop long-term plan including policies and prevention tactics
3. Reassess crisis plan
4. Regain customer/public trust
CASE STUDY: EQUIFAX
• March – Apache vulnerability discovered, patch issued next day
• May-July – Hackers infiltrate Equifax servers with more than 9,000 requests. ~145M records are accessed, nearly 44% of US Population
• July 29 – Equifax discovers breach
• Sept 7 – Equifax issues public statement
• Sept 8 – Equifax shares plunge 13.7%
• Sept 12 – CEO apologizes in USA Today Op-Ed
• Sept 15 – Equifax announces CIO & CSO are retiring
• Sept 21 – Equifax admits sending victims to bogus website ‘securityequifax2017.com’
• Sept 26 – CEO retires
• Oct 3 – Former CEO testifies for the first time (of four) in Congress
MEDIA REACTIONS
CONSEQUENCES TO DATE
• CEO, CIO, CSO ‘Retire’
• 2 employees indicted for insider trading (CIO & Developer)
• CEO testifies at 4 Congressional hearings
• 8 State bank regulators impose orders for increasing security, auditing and reporting
• CA passes law imposing sanctions/fines for each data breach (up to $750 per record, effective Jan 2020)
• AL & ND penalties for delayed notifications (60 days/$10K and 45 days/$5K)
• Federal bill for FREE credit ‘freeze’ and ‘thaw’ from all three large bureaus (previously $5-$10 each)
• 30+ Consumer class action suits
BEST PRACTICES I
1. Implement Policies to Address Potential Vulnerabilities
2. Establish a Regular Review Cycle for Crisis Preparation
3. Establish Inter-Departmental Cooperation
4. Establish a Framework for Response
5. Build a Crisis Communications Toolkit
BEST PRACTICES II
6. Know Where & How to Respond
7. Prepare Your Employees in Advance
8. Establish Assistance Services for those Impacted
9. Know the Relevant Legal & Regulatory Requirements
10. Be Honest, Be Transparent
Slides Available: Slideshare.net/sfathi

 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best ServicesMysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
Mysore Call Girls 8617370543 WhatsApp Number 24x7 Best Services
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 

Cyber Crime: Preparing Your Organization for the New Normal

  • 1. PROPRIETARY & CONFIDENTIAL March 4, 2010 Affect Strategies
  • 2. CYBER CRIME: Preparing Your Organization for the New Normal
      Sandra Fathi
      President, Affect
      Email: sfathi@affect.com
      tweet: @sandrafathi
      web: affect.com
      blog: techaffect.com
      Pworld Crisis Communications
      Ottawa, CA
      June 13, 2019
  • 3. SECURITY EXPERIENCE
  • 4. CRISIS EXPERIENCE
      • Data Breaches, Identity Theft, Website Hacks, Malware (Multiple Companies)
      • Product Recall for Potential Lead Poisoning (Baby Product)
      • Hurricane Sandy, Hurricane Irene (ConEd)
      • Worker Strike, Manhole Cover Explosion, Building Explosion (ConEd)
      • Hit & Run (By Company Employee)
      • Sexual Harassment and Executive Misconduct (By CEO)
      • Executive Arrest for DUI
      • Terrorist Activity Interrupts Operations (Tech Company)
      • Foreign Mafia Threats on Executives (Tech Company)
      • Employee Kidnapping/Release by Militia (Tech Company)
  • 5. ANATOMY OF A BREACH
      How does it start?
      • IT discovers a breach
      • Customers alert company regarding an issue
      • Anonymous post on a social network
      • Employee finds data for sale on the dark web
      • A journalist calls
      • A hacker makes contact
  • 6. BASIC INSTINCTS
      1. Triage – Stop the bleeding
      2. Diagnose – Identify the nature of the breach
      3. Investigate – Find the root cause
      4. Repair – Implement technical fix
      5. Communicate – Inform executive team
          • Inform legal counsel
          • Inform marcom
          • Inform authorities
          • Inform customers
          • Inform media
      Takes too long
      Doesn’t always happen
  • 7. SELF-PRESERVATION
      Justifications
      • We don’t know if data was accessed
      • No critical data was accessed
      • It’s fixed. We’re out of danger
      • Very few customers were impacted
      • We don’t want to bring more attention to it
      • We don’t know all the facts, so we’ll wait until we do
      • We don’t want to appear incompetent
      • We don’t want to lose our jobs, customers, revenue etc.
  • 8. ANY INDUSTRY – ANY TIME
  • 9. HEADLINE NEWS
  • 10. OLD & NEW THREATS
  • 11. ALL 50 STATES
  • 12. ALL 50 STATES
  • 13. WHO’S IN THE ROOM
      Crisis Drills/Tabletops
      • Tech Leadership
      • Executive Leadership
      • Legal Counsel
      • Operations
      • Communications***
      Photo Credit: CyberBit
  • 14. FOUR PHASES OF CRISIS COMMUNICATION
  • 15. I. READINESS
      Anticipating a Crisis
      1. Crisis Mapping (SWOT Analysis)
      2. Policies & Procedures (Prevention)
      3. Crisis Monitoring
      4. Crisis Communications Plan
          • Crisis Action Plan
          • Crisis Standard Communications Templates
          • Crisis Drills
      Photo Credit: CyberTraining 365 Blog
  • 16. THREAT MAPPING
      HR Sales Marketing Finance IT People Products Facilities Environment Information Other
      Rank Order High Risk to Low Risk
  • 18. II. RESPONSE
      1. Develop materials:
          • Messages/FAQ
          • Prepared statements
          • Press release template
          • Customer letters
      2. Train employees
          • Awareness
          • Anticipation
          • Organizational Preparation
      3. Prepare channels:
          • Hotline
          • Dark site
          • Social Media
      4. Data Breach/Customer Assistance Resources
          • Microsite/Landing Page FAQ
          • Identity Theft Remediation Services
          • Force Password/Account Information Change
          • Special Customer Advocate/Team
  • 19. PREPARING A RESPONSE
      1. Don’t delay
      2. Acknowledge situation
      3. Acknowledge impact and victims or potential victims
      4. Commit to investigate
      5. Commit to sharing information and cooperation with relevant parties
      6. Share corrective action plan if available
      7. Respond in the format in which the crisis was received**
  • 20. PUBLIC BREACH NOTIFICATIONS
      1. What happened?
      2. What do we know?
      3. Who/what was impacted?
      4. How do we feel about it?
      5. What are we going to do about it?
      6. When are we going to do it?
      7. Who is involved in this process?
      8. When/how will we communicate next?
  • 21. CUSTOMER COMMUNICATION
      1. Introduction: Why are we contacting you?
      2. What happened?
      3. What information was compromised?
      4. What are we doing to remedy the situation?
      5. What can you do to prevent/mitigate further risk?
      6. Where can you find more information?
  • 22. III. REASSURANCE
      Who to Reassure? - All Stakeholders: Customers, Prospects, Public, Shareholders, Employees, Partners, Media etc.
      1. Develop full response plan
          • Policies & procedures
          • Technology
          • People
      2. Put plan into action: Immediate remedy
      3. Communicate results of plan and impact
      4. Reaffirm commitment to correction
      5. Demonstrate results of program
  • 23. IV. RECOVERY
      Rebuilding reputation, trust and customer loyalty
      Implementing preventative measures for long-term crisis mitigation and/or prevention
      1. Review need for operational, regulatory, environmental and employee changes
      2. Develop long-term plan including policies and prevention tactics
      3. Reassess crisis plan
      4. Regain customer/public trust
  • 24. CASE STUDY: EQUIFAX
      • March – Apache vulnerability discovered, patch issued next day
      • May-July – Hackers infiltrate Equifax servers with more than 9,000 requests. ~145M records are accessed, nearly 44% of US Population
      • July 29 – Equifax discovers breach
      • Sept 7 – Equifax issues public statement
      • Sept 8 – Equifax shares plunge 13.7%
      • Sept 12 – CEO apologizes in USA Today Op-Ed
      • Sept 15 – Equifax announces CIO & CSO are retiring
      • Sept 21 – Equifax admits sending victims to bogus website ‘securityequifax2017.com’
      • Sept 26 – CEO retires
      • Oct 3 – Former CEO testifies for the first time (of four) in Congress
  • 25. MEDIA REACTIONS
  • 26. CONSEQUENCES TO DATE
      • CEO, CIO, CSO ‘Retire’
      • 2 employees indicted for insider trading (CIO & Developer)
      • CEO testifies at 4 Congressional hearings
      • 8 State bank regulators impose orders for increasing security, auditing and reporting
      • CA passes law imposing sanctions/fines for each data breach (up to $750 per record, effective Jan 2020)
      • AL & ND penalties for delayed notifications (60 days/$10K and 45 days/$5K)
      • Federal bill for FREE credit ‘freeze’ and ‘thaw’ from all three large bureaus (previously $5-$10 each)
      • 30+ Consumer class action suits
  • 27. BEST PRACTICES I
      1. Implement Policies to Address Potential Vulnerabilities
      2. Establish a Regular Review Cycle for Crisis Preparation
      3. Establish Inter-Departmental Cooperation
      4. Establish a Framework for Response
      5. Build a Crisis Communications Toolkit
  • 28. BEST PRACTICES II
      6. Know Where & How to Respond
      7. Prepare Your Employees in Advance
      8. Establish Assistance Services for those Impacted
      9. Know the Relevant Legal & Regulatory Requirements
      10. Be Honest, Be Transparent
  • 29. Sandra Fathi
      President, Affect
      Email: sfathi@affect.com
      tweet: @sandrafathi
      web: affect.com
      blog: techaffect.com
      Slides Available: Slideshare.net/sfathi