how to communicate effectively in a cyber attack

Post on 12-Apr-2017

Category: Business

How to communicate confidently about cyber incidents

17th November 2016

LOST IN CYBER SPACE

2 | Regester Larkin © 2016

WHAT’S THE ATTRACTION FOR JOURNALISTS?

“The bedrock of most mainstream journalism is ‘crime stories’. Throw in the factors of being mysterious and new and it becomes a perfect story.”

“Cyber attacks are really interesting to me because they represent change and a new threat.

“When names like Tesco are involved it becomes the fall of the mighty. Big business failure is always a good theme.”

“Normal people don’t really understand what a cyber attack is. They know it matters and it’s one of the primary ways society could be plunged into chaos! That makes it terrifying and more interesting.”

“We can all relate to upset consumers – the ultimate ‘it could be me’ story. Even better when schadenfreude is a factor.”

“Spooks in real life… what’s not to love?!”

WHY ARE CYBER ATTACKS SO HARD TO MANAGE?

• So much is unknown

• Fast moving and constantly changing picture

• Speculation and criticism is rife

• Police involvement may limit what you can say

• Great deal of misunderstanding about cyber

• Difficult to explain technical details in a simple, sympathetic, reassuring way

• Changing landscape

DO THE OLD RULES OF CRISIS COMMUNICATION STILL APPLY?

1. DEMONSTRATE YOU’RE IN CONTROL

DEMONSTRATE YOU’RE IN CONTROL

“I think we did the right thing to go out early and warn our customers so that we could help make them safer, and they could protect themselves”

11/11/15

DEMONSTRATE YOU’RE IN CONTROL

Interview on BBC Radio 4 Today programme

Benny Higgins, CEO of Tesco Bank

07/11/16

DEMONSTRATE YOU’RE IN CONTROL

• Did either company appear to be in control?

• Was one more in control than the other?

• Why? What can we learn?

CAN YOU REASSURE CUSTOMERS YOU’RE IN CONTROL WHEN YOU DON’T KNOW WHAT’S HAPPENED?

• Communicate with confidence that you know your systems / infrastructure

• What data is held

• How data is stored

• Confidence in cyber terms and language

• What you’ve done to minimise chances of this happening

• Investment in cyber resilience

• What you’re doing in response?

• Doing everything in your power to rectify the situation (proof points)

• Speak confidently about your cyber response

• Who’s involved? What’s happening?

CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?

Interview on BBC Radio 4 Today programme

Benny Higgins, CEO of Tesco Bank

07/11/16

CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?

“We are spending a lot of time and resource and energy making our defences even stronger, we will continue to do that indefinitely.

This is a war of attrition between us and the criminals who are trying to break in. We will build higher walls, and they will build higher ladders and we will build higher walls and that is the way it is going to be forever.”

“We invest very heavily in preventative measures…

But in the modern world – we see it time and time again – it is impossible to be totally impregnable.

It is our absolute responsibility and something we take very seriously to put customers first…”

2. CONTAIN THE ISSUE

CAN YOU CONTAIN SPECULATION?

There are elements of this that look unprecedented and it is serious, clearly.

Andrew Bailey, Chief Executive, FCA

It is likely that either Tesco's internal systems, or its mobile application, have been hacked.

Ian Mann, Chief Executive, ECSC (cyber security service)

One estimate is that Tesco Bank could be fined nearly £2bn under GDPR rules for this incident.

Nigel Hawthorn, Chief European Spokesperson, Skyhigh Networks

CAN YOU CONTAIN STAKEHOLDER REACTION?

It is troubling. Banks have a long way to go to improve the resilience and security of their IT systems.

Andrew Tyrie MP, Chair of Treasury Select Committee

We identified these types of attacks months ago. The number of times we reached out to Tesco was shocking.

Elad Ben-Meir, Cyberint

It will take a significant period of time to understand the incident given the technical complexities involved.

National Cyber Security Centre

I've not heard of an attack of this nature and scale on a UK bank where it appears that the bank's central system is the target.

Prof Alan Woodward, Ex-Security Consultant for Europol

HOW CAN YOU CONTAIN THE PROBLEM?

• It isn’t helpful “to assume the worst…”

• Point downwards at confirmed/expected numbers

• Point out what isn’t affected

• Use non-inflammatory language (cyber attack vs. data breach)

• Limit speculation about perpetrators, impact, motive etc

• Don’t give running commentary / fuel the fire

• Focus on what you do know

• Work closely with likely credible commentators

Set realistic expectations internally… you will receive criticism, there will be inaccuracies, there will be wild speculation.

Was Tesco Bank even hacked?

3. DEMONSTRATE CARE AND CONCERN

DEMONSTRATE CARE AND CONCERN

DEMONSTRATE CARE AND CONCERN

“I’d like to apologise for the worry and the inconvenience that this issue has caused…”

“It is our absolute responsibility and something we take very seriously to put customers first…”

CARE AND CONCERN

• Don’t play the victim card, it doesn’t work in a cyber attack

• Remember that stakeholders may feel let down

• Show that you understand this is a personal and emotive issue

• Show regret and contrition

• Communicate directly with customers

BEING PREPARED: WHAT CAN YOU DO TODAY?

PREPARE YOUR PEOPLE

People

• Media train

• Exercise

• Discuss difficult issues

• Engage IT teams

• Engage senior leaders

"I've never been so scared in a business context as I was that first week. Really properly terrified.... None of my training had prepared me for this."

Dido Harding 2016

PREPARE YOUR COMMUNICATIONS

Playbook

• Map key risks

• Checklists

• Simple, effective message

• List regulators

• Key terms

Ben Overlander

Director

Boverlander@regesterlarkin.com

020 3179 6000
