Once, Twice, Three times a Malady

The Irish author Oscar Wilde famously said "to lose one parent may be regarded as a misfortune, to lose both looks like carelessness".  I wonder what Oscar Wilde would think of the English celebrity chef Jamie Oliver for having his website compromised not just once, or trice, but for the third time since December of last year? The latest compromise, which was discovered by Malwarebytes, enabled criminals to redirect unsuspecting visitors to the chef's website to links which download the password stealing Fiesta EK exploit kit.

Jamie Oliver, and the company which manages his website, have been relatively quiet during each of the three breaches. No announcements or warnings were given on the website about the breach, nor indeed did Jamie Oliver use his social media presence to alert those who visited his website that they may have been infected. The only commentary about the breaches have been via news websites and security bloggers.

A number of security experts, Graham Cluley being one of the more prominent ones, have criticised the celebrity chef for not taking a more proactive approach in informing visitors to his site about the breach. The fact the site has been compromised three times in such a short space of time has also raised questions about how effective those managing the site have been at properly addressing the root cause for the breaches.

To me this story highlights some key areas that many companies overlook when it comes to dealing with a cyber-security breach.  While the core of such a security breach may be technical in nature how you deal with that breach should not be solely focused on the technical aspects of the breach. A vital area often overlooked in incident response plans is on how to communicate to interested parties and other key stakeholders. This is particularly important if your organisation is in a highly regulated industry, depends heavily on its brand image and reputation, or has a lot of customers that could be impacted by the breach.

A good crisis communications plan should provide proactive and timely communications during a security breach outlining what you know and how you plan to move forward, which are critical in maintaining confidence in your organisation. A lack of timely communication or updates that lack any real detail can leave a vacuum resulting in media, bloggers, and others speculating as to what the cause of the breach was, what the impact to your organisation, or even if your organisation is taking the situation seriously enough. Once other start to fill this vacuum it can be very difficult for your organisation to regain the initiative and ensure the correct details are being discussed.

The other consideration is how you communicate to the different audiences. The details and information shared with senior management may be different to that shared with staff, which in turn will different from the details and message communicated to customers, the media, and the general public.

The mediums as to how you communicate during and after the incident is also important. Traditional media outlets may not be enough to consider, other channels such as social media, blogs, and websites should be included in your crisis communications plan. In a case like Jamie Oliver who has a large social media presence timely updates via this social media channels could inform visitors to his site of the compromises and the steps they should take to ensure their PCs were not infected.

There is no such thing as 100% security and at some stage your organisation will suffer a security breach. How your organisation handles the breach and communicates during it will probably have a longer impact than the actual breach itself.

Join the CSO newsletter!

Error: Please check your email address.

Tags securitylegalMalwarebytesmalwarecybercrime

More about indeedMalwarebytes

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Brian Honan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts