Managing Customer Communications in a Cybersecurity

Managing Customer Communications
in a Cybersecurity Crisis
March 2, 2016
Nicole Miller, WE Communications
Senior Vice President, Cybersecurity & Issues Management
Conflict of Interest
Nicole Miller
Has no real or apparent conflicts of interest to report.
Agenda
•
•
•
•
Introduction
The Media News Cycle
Creating a Playbook
Questions
Learning Objectives
 Construct a cybersecurity incident response playbook
 Identify how to engage cybersecurity media to better influence
positive outcomes
 Prepare for a cybersecurity breach by developing a communications
plan
 Distinguish where your organization is at in the cybersecurity news
cycle and execute your plan accordingly
 Distinguish your technical, legal and executive platforms so you can
properly activate them
STEPS: Electronic Secure Data
Attacks & Media
Coverage
10-fold increase in
cybersecurity-focused
stories in the last
four years
Perception
12% decrease in
customer trust
after a breach
Two-factor authentication oversight led to JPMorgan breach, inve
Hackers Break Into Server for Obamacare
‘Cyber Caliphate’ hacks Malaysia Airlines website
S attacks at random IP addresses
JPMorgan Chase
due to
miss
Health insurer Anthem
hithack
by
ha
Flash
Patch
Targets
Zero-Day
Exploit
Microsoft Fixes Dangerous
Sandworm
Zero-Days
Used
in APT
Thieves
ATMs
With
‘Black
Attack
Anthem
of Box’
E-mail
Scam
InAttacks
Wake Of Data Bre
Hackers Steal
Up
To $1Jackpot
BillionWarns
From
Banks
se
Hackers
Hijack
Forbes
Website
to
Spread
Malware:
Report
tor authentication oversight
ledSony
to JPMorgan
breach,
investigators
reportedly
found
Researcher
blames
vulnerable
code
re-use
for
zero-day
in Help
Android’s
HackersOracle
Reportedly
Used
A169
Zero
Day
Vulnerability
How
PCI
DSS
3.0
Can
S
issues critical patch
update:
new
security
fixes
JPMorgan Chase
hack
due to
missing 2-factor authentication
on
one server
Health
insurer
Anthem
hit
by
hackers,
up
to
80
million
rec
XSS
Vulnerability
in
s iCloud Passwords
JPMorgan
Hack
Exposed
Data
of 83 Million,
Among Biggest Breaches in His
‘Cyber
Caliphate’
hacks
Malaysia
Airlines
website
Chinese Hackers Hijack Forbes Website to Spread Malware
19,000 French
websites
hit by DDoS,
defaced
in wake
of terror
attack
tch
Zero-Day
ThievesTargets
Jackpot ATMs With
‘Black Box’ Attack Exploit
se cannon admits DDoSing
social
services
and housing
websites
Al
Jazeera
Wrests
Back
Its
Web
Si
Anarchist
hackers
start
cyber
war
with
IS
lames
vulnerable
code
re-use
for
zero-day
in
Android’s
CyanogenMod
Apple
Blocks
Tool
That
Brute-forces
iCloud
Passwords
ackers
Reportedly
Used
A
Zero
Day
Vulnerability
How
PCI
DSS
3.0
Can
Help
Stop
Data
Breaches
Oracle
issues critical
patch
update: 169 new
security
fixes
Bugzilla
zero-day
can
reveal
zero-day
vulnerabilities
in
top
open-source
projects
19,000 Fr
patch
update:
169 new
security fixes
tgan
Fixes
Dangerous
Sandworm
Zero-Days
Used
in
APT
Attacks
XSS
Vulnerability
in
IE
could
lead
to
phishing
attacks
Hackers
Steal Up
To
$1Data
Billion
From
Banks
Anthem
Warns
of
E-mail
Scam
In
Wake
Of
Breach
Newsweek
Twitter
account
hacked
by
‘CyberCaliphate’
Anonymous
loose
cannon
admits
DDoSing
Hack Exposed Data of 83 Million, Among Biggest Breaches in History
XSS
Vulnerability
in
IE
could
lead
to
phishing
attacksvulnerabilities
Day
Vulnerability
Bugzilla
zero-day
can
reveal zero-day
in topAirlines
open-s
issues
critical
patch update:
169
new
security
fixes
‘Cyber Caliphate’ hacks Malaysia
website
nother Flash Patch Fixes Zero-Day Flaw
k Into Server for Obamacare Website: U.S. Of
Jobs’s revenge: Flash piles up the zero-day e
Chinese Hackers
Forbes
Website
to Spread
Malware:
Report4.found
ion oversight led to JPMorgan
breach,
investigators
reportedly
HackHijack
of Community
Health
Systems
Affects
Million
Patients
Anonymous
targets ISIS social media, recruitment drives
Flaw in MacBookH
E
Uses
Forbes.comWrests
As Watering
Hole
Al
Jazeera
Back
Its
Web
Sites
From
Pro-Assad
JPMorgan
Chase
hack
due to
missing
2-factor
authentication
on
one server
alth
insurer
hit
by
hackers,
up
to
80
million
records
expo
o-day
can
reveal
zero-day
vulnerabilities
in
top
open-source
projects
Apple
BlocksAnthem
Tool
That
Brute-forces
iCloud
Passwords
Newsweek
Twitter
acc
Carbanak
Hackers
Target
Banksvia19,000
in
$1bn Attack
Campaign
BankFrom
Hackers Steal Millions
Malware
ail
ticalScams
“Ghost”Back
allowing code
execution
affects
mostMalaysia
Linux
systems
French websites hit
by DDoS, Hackers
defaced in wake oflinked
terror attack to spy too
‘Cyber
Caliphate’
hacks
Airlines website
ests
Its
Web
Sites
Pro-Assad
Infamous
Regin
malware
ero-Day
Exploit
‘Black Box’ Attack Anonymous loose cannon admits DDoSing social services and housing web
Chinese
Hacking
Group
Team Uses Forbes.com As Waterin
Major Data Breach
at Staples
Stems FromCodoso
POS
ble
code
re-use
zero-day
in Help
Android’s
CyanogenMod
lash
piles
up
the
exploits
Cybersecurity concerns fuel M
y Used
A Zero
Day for
Vulnerability
w
PCI
DSS
3.0
Can
Stop
Data
Breaches
FBI:zero-day
Businesses
$215M
Email boot
Scams
Flaw
in Lost
MacBook
EFIto
allows
ROM malware
Community Health Systems Affects 4. Million
Patients
Anonymous
targets ISIS social media, recruitment drives in #OpISIS campaign
Yet Another Flash
erbolt devices
can infect MacBooks with p
Staples confirms 1.2 million cards lost in breach
Java
Patch
Plugs
19
Se
nymous
loose cannon
admits
DDoSing
social
services
and
housing
websites
Yet
Another
Flash
Patch
Fixes
Zer
Dutch
Government
Website
Outage
Caused
by
C
wall
of
China
blasts
DDoS
attacks
at
random
IP
addresses
es
up
the
zero-day
exploits
Anarchist
hackers
start
cy
an
infect
MacBooks
with
persistent
rootkits
Microsoft
Fixes
Dangerous
Sandworm
Zero-D
sconfirms
in $1bn
Attack
Campaign
million
cards
lost
in breach
Infamous1.2
Regin
malware
linked
to spy
toolshacking
used by NSA,
Fivesteal
Eyes intelligence
Carbanak
group
$1 billion from banks
Highly critical “Ghost” allowing code execution affects most
patch update: 169 new security fixes
XSS
Vulnerability
in
IE
toFrom
phishing
attacks
Hackers
Steal
Uplead
To $1
Billion
Banks
Newsweek
Twitter
account
hacked
by ‘CyberCaliphate’
Target
Banks
in
$1bnBiggest
Attack
Campaign
dsBank
Data
of 83
Among
Breaches
in
History
Hackers
StealMillion,
Millions via Malware
Great
Firewall
ofcould
China
blasts
DDoS
attacks
at random IP aM
Infamous Regin malware linked to spy tools used by NSA, Five Eyes intelligence
Chinese Hackers Hijack Forbes Website to Spread Malware: Report
acking Group Codoso Team Uses Forbes.com As Watering Hole
ishing
Cybersecurity concerns fuel MSSPs, managed security market
cks
Tool ThatScams
Brute-forces iCloud Passwords
Businesses
Lost $215M toHighly
Email
criticalScams
“Ghost” allowing
most
Linux
19,000code
Frenchexecution
websites hitaffects
by DDoS,
defaced
in systems
wake of terror attack
Major Data Breach at Staples Stems From POS
Hacked Hotel Phones Fueled
tems Affects 4. Million
Patients
Anonymous
targets ISIS social media, recruitment drives in #OpISIS campaign
Bank Phishing Scams
Flaw in MacBook EFI allows boot ROM malware
Newsweek Twitter account hacked by ‘CyberCaliphate’
ia Malware
Codoso
Team
Uses Forbes.com
AsOutage
WateringCaused
Hole
Dutch
Government
Website
by Cyber
Attack
Hotel
Phones
Fueled
Bank
Phishing
Scams
Cybersecurity
concerns
fuel
MSSPs,
managed
security
market
$215M toHighly
Email
criticalScams
“Ghost” allowing code execution affects most Linux systems
va
Patch
Plugs 19 Website:
Security
to Server
for Obamacare
U.S.Holes
Officia
Anarchist
hackers
start
cyber
war
with
ISIS
Sony
hackers
exploited
a
zero-d
Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks
Yet Another Flash Patch Fixes Zero-Day
atch Plugs
19 hackers
Security
Holes
Anarchist
start cyber
war with ISIS
Major Data Breach at Staples Stems From POS
aanak
blasts
DDoS attacks
at random
IP addresses
hacking
group
steal
$1
billion
from
banks
worldwide
Microsoft
Fixes
Dangerous
Sandworm
Zero-Days Used in APT Attacks
vernment
Website
Outage
Caused
by
Cyber
Attack
otel Phones Fueled Bank Phishing Scams
Today’s Cybersecurity News Cycle
TECHNOLOGY
BUSINESS
CONSUMER
POLICY
Key insights
Tips and tricks
 News doesn’t wait for chain of
command – time is critical
 Centralized communications
 You likely don’t have all the
information others on the outside
do
 Although lacking information, you
still need to communicate. If you
don’t insert your message here,
credibility is hard to get back.
 Deep technical situational
awareness
 Manage internal information flow
 Spokesperson identification
32%
More negative coverage
when a company is not
quoted in articles about
their own security
event.
-3.00
-2.00
-1.00
Coverage Sentiment
DISMISSIVE
0.00
Key insights
Tips and tricks
 No participation = 32% lower
sentiment
 Trust the maturity of your
audience
 Use a spokesperson = 40%
more shares
 Focus on technical messages
and deliver credible attribution
 Attribution is the best message
you can deliver
 Maintain landscape awareness –
refresh browser often!
 Prepare to manage multiple
audiences
VENDOR
Ryan Naraine
Kaspersky Labs
David DeWalt
FireEye
CORPORATE
Feng Xue
David Litchfield
RESEARCHER
Wolfgang Kandek
Qualys
Dan Kaminsky
Whiteops
GOVERNMENT
Andy Ozment
Department of Homeland
Security (DHS)
Timothy Wallach
Federal Bureau of
Investigation (FBI)
Key insights
Tips and tricks
 Analysis phase is the longest
and skews most negative for you
 Stay invested in the cycle
 Security experts and industry of
fear drops sentiment by 11%
 Don’t spin but find experts to
support you and provide balance
 Have a proportional response
 Expert opinion = 200% more
shares
Key insights
Tips and tricks
 News needs to have an ending
 Be bold about taking care of your
customers
 Resolution = most positive
 Customers need closure long
after the media have moved on
 Fight the instinct to close the
door on the crisis
 Assist law enforcement to find
attackers
Key insights
Tips and tricks
 Stories never die, they just go to
sleep
 Reiterate your resolution story
 Tell the ending of your own story.
If not, long tail coverage will
focus on what broke, not how
you fixed it
 When dictated by circumstances,
take leadership
 Remind your customers that you
are better than before
Today’s Cybersecurity News Cycle
We are often faced with the choice of whether we
parachute in a number of reporters to cover a breach
like we did with
.
A company’s initial response helps to determine the
route we take.”
STEPS: Electronic Secure Data
Attacks & Media
Coverage
10-fold increase in
cybersecurity-focused
stories in the last
four years
Perception
12% decrease in
customer trust
after a breach
Thank you.
Nicole Miller
NicoleM@we-worldwide.com
@nicolecmiller