Once, Twice, Three times a Malady
- 18 May, 2015 23:39
The Irish author Oscar Wilde famously said "to lose one parent may be regarded as a misfortune, to lose both looks like carelessness". I wonder what Oscar Wilde would think of the English celebrity chef Jamie Oliver for having his website compromised not just once, or trice, but for the third time since December of last year? The latest compromise, which was discovered by Malwarebytes, enabled criminals to redirect unsuspecting visitors to the chef's website to links which download the password stealing Fiesta EK exploit kit.
Jamie Oliver, and the company which manages his website, have been relatively quiet during each of the three breaches. No announcements or warnings were given on the website about the breach, nor indeed did Jamie Oliver use his social media presence to alert those who visited his website that they may have been infected. The only commentary about the breaches have been via news websites and security bloggers.
A number of security experts, Graham Cluley being one of the more prominent ones, have criticised the celebrity chef for not taking a more proactive approach in informing visitors to his site about the breach. The fact the site has been compromised three times in such a short space of time has also raised questions about how effective those managing the site have been at properly addressing the root cause for the breaches.
To me this story highlights some key areas that many companies overlook when it comes to dealing with a cyber-security breach. While the core of such a security breach may be technical in nature how you deal with that breach should not be solely focused on the technical aspects of the breach. A vital area often overlooked in incident response plans is on how to communicate to interested parties and other key stakeholders. This is particularly important if your organisation is in a highly regulated industry, depends heavily on its brand image and reputation, or has a lot of customers that could be impacted by the breach.
A good crisis communications plan should provide proactive and timely communications during a security breach outlining what you know and how you plan to move forward, which are critical in maintaining confidence in your organisation. A lack of timely communication or updates that lack any real detail can leave a vacuum resulting in media, bloggers, and others speculating as to what the cause of the breach was, what the impact to your organisation, or even if your organisation is taking the situation seriously enough. Once other start to fill this vacuum it can be very difficult for your organisation to regain the initiative and ensure the correct details are being discussed.
The other consideration is how you communicate to the different audiences. The details and information shared with senior management may be different to that shared with staff, which in turn will different from the details and message communicated to customers, the media, and the general public.
The mediums as to how you communicate during and after the incident is also important. Traditional media outlets may not be enough to consider, other channels such as social media, blogs, and websites should be included in your crisis communications plan. In a case like Jamie Oliver who has a large social media presence timely updates via this social media channels could inform visitors to his site of the compromises and the steps they should take to ensure their PCs were not infected.
There is no such thing as 100% security and at some stage your organisation will suffer a security breach. How your organisation handles the breach and communicates during it will probably have a longer impact than the actual breach itself.