data breach crisis control – how to communicate when you’re in the hot seat
TRANSCRIPT
WEBINAR
WEBINAR
Slide 3
Agenda
• Introductions
• Who Are We
• 2014: Year of the Breach
• Going Viral
• Facing the Crisis
• Questions
Slide 4
Introductions
• Ted Julian, CMO, Co3 Systems
• Melanie Dougherty Thomas, Managing Director, Inform
Slide 5
About Co3 – Incident Response Management
MITIGATE
Document Results &
Improve Performance
• Generate reports for management,
auditors, and authorities
• Conduct post-mortem
• Update SOPs
• Track evidence
• Evaluate historical performance
• Educate the organization
ASSESS
Identify and Evaluate Incidents
• Assign appropriate team members
• Evaluate precursors and indicators
• Correlate threat intelligence
• Track incidents, maintain logbook
• Prioritize activities based on criticality
• Generate assessment summaries
PREPARE
Improve Organizational Readiness
• Appoint team members
• Fine-tune response SOPs
• Escalate from existing systems
• Run simulations (firedrills / table tops)
MANAGE
Contain, Eradicate, and
Recover
• Generate real-time IR plan
• Coordinate team response
• Choose appropriate containment strategy
• Isolate and remediate cause
• Instruct evidence gathering and handling
• Log evidence
Slide 6
About Inform
• INFORM is a leader in Integrated Communications (IC).
• Inform provides high-level strategy and execution incorporating public relations, marketing, innovative digital and graphic design, video production, ad placement, social and new media deployment, and crisis management to meet your goals.
• The principles of the firm are leaders in the industry, with nearly 20 years experience working in the communications field. They have been employed by Fortune 500 companies, been at the start-up table with new ventures, and worked for agencies both large and small.
Slide 7
2014: The Year of the Breach
“There are two kinds of companies in
America: those who’ve been breached and
those who don’t know they’ve been
breached.”
FBI Director James Comey
60 Minutes Interview
October 5, 2014
POLL
Slide 9
Attack of the Titans
• 43% of all companies in America have experienced a data breach, USA Today, 9/24/14
• 80% of breaches root cause is employee negligence, USA Today, 9/24/14
• 31.4 million people have had their protected health information compromised following a breach, HHS, 10/26/14
Slide 10
Going Viral: Why a Data Breach Takes Flight
• Record setting loss
• Sensitive community affected
• Competitive media market
• Concentration of affected parties
• Delay in notification
• Customer complaints unanswered
• Failure to respond to social media
• Ignoring the media
• Mixed messages
Slide 11
Case Study: A leading consumer brand breach blunder
1. Responding before a thorough assessment
2. Providing too much information too soon
3. Mixed messages=confusion
4. Retraction=uncertainty in messaging
5. Insensitivity to your market
6. Record-setting investment in brand rehabilitation
7. CIO & CEO lose positions, multiple class action suits in the $100M, breach cost over $150M to date
8. Board of Directors target of lawsuits
POLL
Slide 13
Facing the Crisis: 9 Steps to Crisis Communications Management – Active Incident
1. Internal planning happens before the crisis
2. Holding statement while forensics assessment is conducted
3. Coordination with crisis team
4. Social media monitoring begins
5. Public statement-thoughtful, showing earnest commitment to problem
6. Rapid notification/remediation, if required
7. Coordination across multiple communication mediums
8. Respond to every customer question in rapid fashion
9. Engage the press if approached
Slide 14
Collaboration is key
Risk &
Compliance
Legal-GC
& FirmForensics
Resolution
Provider
PR/
Crisis Communications
Client
POLL
Slide 16
The Path Forward: Specialist Required
Your Game Plan requires a crisis comms specialist who can stay abreast of industry, legal & regulatory developments, & the court of public opinion.
Issue
Advertising
Community Relations
Campaign
Slide 17
Takeaways
• You can’t market your way out of a crisis & brand damage
• Your in-house team is likely not equipped to handle breach or cybersecurity attack response (no matter how good they may be)
• Coordination & planning is key
• Make the CEO the spokesperson, not legal or PR
• Public statement~ thoughtful, showing earnest commitment to problem
• Regular crisis drills ensures response will be optimum
• Changing legal & regulatory landscape make data breach a priority for the C-suite & Board of Directors
• Media & consumer awareness is growing rapidly~ they’re informed & increasingly unforgiving
• Be prepared!
■
Slide 19
Upcoming Co3 Events
• You’ve Been Breached: How to Mitigate the Incident Jan. 21, 2015, 12-1 pm EST
– Featuring Ted Julian, CMO, Co3 Systems and Stephen Brennan, Global Technical Consulting Lead - Managing Partner, CSC
One Alewife Center, Suite 450
Cambridge, MA 02140
PHONE 617.206.3900
WWW.CO3SYS.COM
“Co3 Systems makes the process of planning for a
nightmare scenario as painless as possible,
making it an Editors’ Choice.”
PC MAGAZINE, EDITOR’S CHOICE
“One of the hottest products at RSA…”
NETWORK WORLD – FEBRUARY 2013
“Co3…defines what software packages for
privacy look like.”
GARTNER
“Platform is comprehensive, user friendly, and
very well designed.”
PONEMON INSTITUTE
Melanie Dougherty Thomas
Managing Director
Inform
http://informtheagency.com/
For a free consultation visit:
info.co3sys.com/free-consultation
Slide 21
“Co3 makes the process of planning for a nightmare scenario as painless as possible, making it an Editors’ Choice.”
– PC Magazine, Editor’s Choice
“Platform is comprehensive, user friendly, and very well designed.”
– Ponemon Institute
“One of the most important startups in security…”
– Business Insider
“One of the hottest products at RSA…”
– Network World
“...an invaluable weapon when responding to security incidents.”
– Government Computer News
“Co3 has done better than a home-run...it has knocked one out of the park.”
– SC Magazine
Most Innovative Product