Managing Customer Communications in a Cybersecurity Crisis March 2, 2016

Nicole Miller, WE Communications Senior Vice President, Cybersecurity & Issues Management

Conflict of Interest

Nicole Miller

Has no real or apparent conflicts of interest to report.

• Introduction

• The Media News Cycle

• Creating a Playbook

• Questions

Agenda

Learning Objectives

Construct a cybersecurity incident response playbook

Identify how to engage cybersecurity media to better influence

positive outcomes

Prepare for a cybersecurity breach by developing a communications

plan

Distinguish where your organization is at in the cybersecurity news

cycle and execute your plan accordingly

Distinguish your technical, legal and executive platforms so you can

properly activate them

STEPS: Electronic Secure Data

Perception 12% decrease in customer trust after a breach

Attacks & Media Coverage

10-fold increase in cybersecurity-focused

stories in the last four years

Major Data Breach at Staples Stems From POS

Thieves Jackpot ATMs With ‘Black Box’ Attack

JPMorgan Chase hack due to missing 2-factor authentication on one server

‘Cyber Caliphate’ hacks Malaysia Airlines website

Hacked Hotel Phones Fueled Bank Phishing Scams

Anthem Warns of E-mail Scam In Wake Of Data Breach

FBI: Businesses Lost $215M to Email Scams

Bank Hackers Steal Millions via Malware

Chinese Hackers Hijack Forbes Website to Spread Malware: Report

Sony Hackers Reportedly Used A Zero Day Vulnerability XSS Vulnerability in IE could lead to phishing attacks

Highly critical “Ghost” allowing code execution affects most Linux systems

Anonymous loose cannon admits DDoSing social services and housing websites

Great Firewall of China blasts DDoS attacks at random IP addresses

19,000 French websites hit by DDoS, defaced in wake of terror attack

Hackers Steal Up To $1 Billion From Banks

Apple Blocks Tool That Brute-forces iCloud Passwords

Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole

Health insurer Anthem hit by hackers, up to 80 million records exposed

Anarchist hackers start cyber war with ISIS

Newsweek Twitter account hacked by ‘CyberCaliphate’

Yet Another Flash Patch Fixes Zero-Day Flaw

Carbanak hacking group steal $1 billion from banks worldwide

Dutch Government Website Outage Caused by Cyber Attack

Flash Patch Targets Zero-Day Exploit

Java Patch Plugs 19 Security Holes

How PCI DSS 3.0 Can Help Stop Data Breaches

Thunderbolt devices can infect MacBooks with persistent rootkits

Flaw in MacBook EFI allows boot ROM malware Hack of Community Health Systems Affects 4. Million Patients

JPMorgan Hack Exposed Data of 83 Million, Among Biggest Breaches in History

Al Jazeera Wrests Back Its Web Sites From Pro-Assad Hackers

Hackers Break Into Server for Obamacare Website: U.S. Officials

Carbanak Hackers Target Banks in $1bn Attack Campaign

Staples confirms 1.2 million cards lost in breach

Jobs’s revenge: Flash piles up the zero-day exploits

Sony hackers exploited a zero-day

vulnerability

Cybersecurity concerns fuel MSSPs, managed security market

Anonymous targets ISIS social media, recruitment drives in #OpISIS campaign

Oracle issues critical patch update: 169 new security fixes

Infamous Regin malware linked to spy tools used by NSA, Five Eyes intelligence

Bugzilla zero-day can reveal zero-day vulnerabilities in top open-source projects

Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Researcher blames vulnerable code re-use for zero-day in Android’s CyanogenMod

Oracle issues critical patch update: 169 new security fixes

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Major Data Breach at Staples Stems From POS

Thieves Jackpot ATMs With ‘Black Box’ Attack

JPMorgan Chase hack due to missing 2-factor authentication on one server

‘Cyber Caliphate’ hacks Malaysia Airlines website

Hacked Hotel Phones Fueled Bank Phishing Scams

Anthem Warns of E-mail Scam In Wake Of Data Breach

FBI: Businesses Lost $215M to Email Scams

Bank Hackers Steal Millions via Malware

Chinese Hackers Hijack Forbes Website to Spread Malware: Report

Sony Hackers Reportedly Used A Zero Day Vulnerability XSS Vulnerability in IE could lead to phishing attacks

Highly critical “Ghost” allowing code execution affects most Linux systems

Anonymous loose cannon admits DDoSing social services and housing websites

Great Firewall of China blasts DDoS attacks at random IP addresses

19,000 French websites hit by DDoS, defaced in wake of terror attack

Hackers Steal Up To $1 Billion From Banks

Apple Blocks Tool That Brute-forces iCloud Passwords

Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole

Health insurer Anthem hit by hackers, up to 80 million records exposed

Anarchist hackers start cyber war with ISIS

Newsweek Twitter account hacked by ‘CyberCaliphate’

Yet Another Flash Patch Fixes Zero-Day Flaw

Carbanak hacking group steal $1 billion from banks worldwide

Dutch Government Website Outage Caused by Cyber Attack

Flash Patch Targets Zero-Day Exploit

Java Patch Plugs 19 Security Holes

How PCI DSS 3.0 Can Help Stop Data Breaches

Thunderbolt devices can infect MacBooks with persistent rootkits

Flaw in MacBook EFI allows boot ROM malware Hack of Community Health Systems Affects 4. Million Patients

JPMorgan Hack Exposed Data of 83 Million, Among Biggest Breaches in History

Al Jazeera Wrests Back Its Web Sites From Pro-Assad Hackers

Hackers Break Into Server for Obamacare Website: U.S. Officials

Carbanak Hackers Target Banks in $1bn Attack Campaign

Staples confirms 1.2 million cards lost in breach

Jobs’s revenge: Flash piles up the zero-day exploits

Sony hackers exploited a zero-day vulnerability

Cybersecurity concerns fuel MSSPs, managed security market

Anonymous targets ISIS social media, recruitment drives in #OpISIS campaign

Oracle issues critical patch update: 169 new security fixes

Infamous Regin malware linked to spy tools used by NSA, Five Eyes intelligence

Bugzilla zero-day can reveal zero-day vulnerabilities in top open-source projects

Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Researcher blames vulnerable code re-use for zero-day in Android’s CyanogenMod

Oracle issues critical patch update: 169 new security fixes

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found

Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Major Data Breach at Staples Stems From POS

Thieves Jackpot ATMs With ‘Black Box’ Attack

JPMorgan Chase hack due to missing 2-factor authentication on one server

‘Cyber Caliphate’ hacks Malaysia Airlines website

Hacked Hotel Phones Fueled Bank Phishing Scams

Anthem Warns of E-mail Scam In Wake Of Data Breach

FBI: Businesses Lost $215M to Email Scams

Bank Hackers Steal Millions via Malware

Chinese Hackers Hijack Forbes Website to Spread Malware: Report

Sony Hackers Reportedly Used A Zero Day Vulnerability XSS Vulnerability in IE could lead to phishing attacks

Highly critical “Ghost” allowing code execution affects most Linux systems

Anonymous loose cannon admits DDoSing social services and housing websites

Great Firewall of China blasts DDoS attacks at random IP addresses

19,000 French websites hit by DDoS, defaced in wake of terror attack

Hackers Steal Up To $1 Billion From Banks

Apple Blocks Tool That Brute-forces iCloud Passwords

Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole

Health insurer Anthem hit by hackers, up to 80 million records exposed

Anarchist hackers start cyber war with ISIS

Newsweek Twitter account hacked by ‘CyberCaliphate’

Yet Another Flash Patch Fixes Zero-Day Flaw

Carbanak hacking group steal $1 billion from banks worldwide

Dutch Government Website Outage Caused by Cyber Attack

Flash Patch Targets Zero-Day Exploit

Java Patch Plugs 19 Security Holes

How PCI DSS 3.0 Can Help Stop Data Breaches

Thunderbolt devices can infect MacBooks with persistent rootkits

Flaw in MacBook EFI allows boot ROM malware Hack of Community Health Systems Affects 4. Million Patients

JPMorgan Hack Exposed Data of 83 Million, Among Biggest Breaches in History

Al Jazeera Wrests Back Its Web Sites From Pro-Assad Hackers

Hackers Break Into Server for Obamacare Website: U.S. Officials Carbanak Hackers Target Banks in $1bn Attack Campaign

Staples confirms 1.2 million cards lost in breach

Jobs’s revenge: Flash piles up the zero-day exploits

Sony hackers exploited a zero-day vulnerability

Cybersecurity concerns fuel MSSPs, managed security market

Anonymous targets ISIS social media, recruitment drives in #OpISIS campaign

Oracle issues critical patch update: 169 new security fixes

Infamous Regin malware linked to spy tools used by NSA, Five Eyes intelligence

Bugzilla zero-day can reveal zero-day vulnerabilities in top open-source projects

Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Researcher blames vulnerable code re-use for zero-day in Android’s CyanogenMod

Oracle issues critical patch update: 169 new security fixes

Two-factor authentication oversight led to JPMorgan breach, investigators reportedly found Microsoft Fixes Dangerous Sandworm Zero-Days Used in APT Attacks

Major Data Breach at Staples Stems From POS

Thieves Jackpot ATMs With ‘Black Box’ Attack

JPMorgan Chase hack due to missing 2-factor authentication on one server

‘Cyber Caliphate’ hacks Malaysia Airlines website

Hacked Hotel Phones Fueled Bank Phishing Scams

Anthem Warns of E-mail Scam In Wake Of Data Breach

FBI: Businesses Lost $215M to Email Scams

Bank Hackers Steal Millions via Malware

Chinese Hackers Hijack Forbes Website to Spread Malware: Report

Sony Hackers Reportedly Used A Zero Day Vulnerability XSS Vulnerability in IE could lead to phishing attacks

Highly critical “Ghost” allowing code execution affects most Linux systems

Anonymous loose cannon admits DDoSing social services and housing websites

Great Firewall of China blasts DDoS attacks at random IP addresses

19,000 French websites hit by DDoS, defaced in wake of terror attack

Hackers Steal Up To $1 Billion From Banks

Apple Blocks Tool That Brute-forces iCloud Passwords

Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole

Health insurer Anthem hit by hackers, up to 80 million records exposed

Anarchist hackers start cyber war with ISIS Newsweek Twitter account hacked by ‘CyberCaliphate’

Yet Another Flash Patch Fixes Zero-Day Flaw

Today’s Cybersecurity News Cycle

T E C H N O L O G Y B U S I N E S S C O N S U M E R P O L I C Y

Key insights Tips and tricks

News doesn’t wait for chain of

command – time is critical

You likely don’t have all the

information others on the outside

do

Although lacking information, you

still need to communicate. If you

don’t insert your message here,

credibility is hard to get back.

Centralized communications

Deep technical situational

awareness

Manage internal information flow

Spokesperson identification

32% More negative coverage

when a company is not

quoted in articles about

their own security

event.

-3.0

0

-2.0

0

-1.0

0

0.0

0

Co

vera

ge S

en

tim

en

t

DIS

MIS

SIV

E

Key insights Tips and tricks

No participation = 32% lower

sentiment

Use a spokesperson = 40%

more shares

Attribution is the best message

you can deliver

Prepare to manage multiple

audiences

Trust the maturity of your

audience

Focus on technical messages

and deliver credible attribution

Maintain landscape awareness –

refresh browser often!

GOVERNMENT CORPORATE

VENDOR RESEARCHER

Ryan Naraine David DeWalt

Kaspersky Labs FireEye

Wolfgang Kandek Dan Kaminsky

Qualys Whiteops

Feng Xue David Litchfield Andy Ozment Timothy Wallach

Department of Homeland

Security (DHS)

Federal Bureau of

Investigation (FBI)

Key insights Tips and tricks

Analysis phase is the longest

and skews most negative for you

Security experts and industry of

fear drops sentiment by 11%

Expert opinion = 200% more

shares

Stay invested in the cycle

Don’t spin but find experts to

support you and provide balance

Have a proportional response

Key insights Tips and tricks

News needs to have an ending

Resolution = most positive

Customers need closure long

after the media have moved on

Be bold about taking care of your

customers

Fight the instinct to close the

door on the crisis

Assist law enforcement to find

attackers

Key insights Tips and tricks

Stories never die, they just go to

sleep

Tell the ending of your own story.

If not, long tail coverage will

focus on what broke, not how

you fixed it

Reiterate your resolution story

When dictated by circumstances,

take leadership

Remind your customers that you

are better than before

Today’s Cybersecurity News Cycle

We are often faced with the choice of whether we

parachute in a number of reporters to cover a breach

like we did with .

A company’s initial response helps to determine the

route we take.”

STEPS: Electronic Secure Data

Perception 12% decrease in customer trust after a breach

Attacks & Media Coverage

10-fold increase in cybersecurity-focused

stories in the last four years

Nicole Miller

NicoleM@we-worldwide.com

@nicolecmiller

Thank you.