@ Utah State University
• CAI Masters Student (Also at USU)
• Rebekah Brown
• Senior Researcher @ University of Toronto's Citizen Lab
• SANS FOR578 Co-Author and Instructor
card processing compromised in 2014 (PF Chang's)
• Major credit card data breach in 2013, exposing information of approximately 40 million customers (Target)
• In 2016, Yahoo disclosed a massive data breach affecting 3 billion user accounts, one of the largest in history (Yahoo!)
• In March 2015, Slack reported a data breach affecting about 500,000 users, exposing usernames, email addresses, and hashed passwords (Slack)
the communication process used to respond to a threat to an organization's reputation. The crisis plan is used when there has been a major event.” ~ PRLab
lead to significant financial losses
• Trust and Credibility: Incidents erode customer trust and damage brand credibility
• Competitive Advantage: Can differentiate an organization from competitors
• Regulatory Compliance: Most industries face strict data protection regulations
of Control
• Too Late: Your warning is less actionable & you seem oblivious
• Best Option: Over Communicate & Assume the Worst
• Legal & Regulatory Requirements
• What is the organization doing to remediate the problem?
• What is the organization doing to protect users?
• How do people know if they’re affected?
• What can people do to mitigate the problem?
• What can people do to remediate the problem?
Target's network through credentials stolen from a third-party HVAC vendor, then installed malware on point-of-sale systems to capture card data
• Timing and Scope: Occurred during the 2013 holiday shopping season, affecting approximately 40 million credit and debit card accounts and exposing personal data of up to 70 million customers
• Impact: The breach resulted in significant financial losses for Target (estimated at $202 million) and led to the resignation of CEO Gregg Steinhafel
took several days to publicly acknowledge the breach and provided inconsistent information
• Underestimating Impact: The company initially downplayed the breach's severity, later revealing it affected more customers than first stated
• Lack of Empathy and Support: Early communications focused on technical details rather than addressing customer concerns
• Poor Leadership Visibility: Then-CEO Gregg Steinhafel's absence from early communications missed an opportunity to demonstrate strong leadership during the crisis
issuer to use chip & PIN credit cards
• Established a Cyber Fusion Center for real-time threat monitoring, becoming an industry leader in detection, response, intel, & hunting
• Shout out to David Bianco!
• Joined the Retail & Hospitality Information Sharing & Analysis Center (RH-ISAC) to collaborate on cybersecurity issues
update to CrowdStrike's Falcon Sensor software that triggered an out-of-bounds memory read in the Windows sensor client.
• Scope: System crashes affecting roughly 8.5 million Windows systems globally, making it the largest outage in the history of information technology.
• Impact: Disruption of daily life, businesses, and governments around the world, highlighting the critical reliance on cybersecurity solutions and the potential consequences of software errors.
• Not a security incident but still a crisis needing communication
spraying attack exploiting a legacy test account
• Scope: Unauthorized access to corporate email system, exposing limited email metadata but no sensitive content
• Impact: Potential for targeted phishing, reputational damage, mitigated by Microsoft's prompt response and remediation
communication plan it’s way too late!!!
• Involve all your stakeholders both in practice and execution!
• Wargame what scenarios you might be in and prepare for them, then score them!
• Collaborate and practice collaborating!
• Avoid making the same mistakes twice… after all…