How to communicate effectively in a cyber attack


Upload: ben-overlander

Post on 12-Apr-2017


Page 1: How to communicate effectively in a cyber attack

How to communicate confidently about cyber incidents

17th November 2016

LOST IN CYBER SPACE

2 | Regester Larkin © 2016

WHAT’S THE ATTRACTION FOR JOURNALISTS?

“The bedrock of most mainstream journalism is ‘crime stories’. Throw in the factors of being mysterious and new and it becomes a perfect story.”

“Cyber attacks are really interesting to me because they represent change and a new threat.”

“When names like Tesco are involved it becomes the fall of the mighty. Big business failure is always a good theme.”

“Normal people don’t really understand what a cyber attack is. They know it matters and it’s one of the primary ways society could be plunged into chaos! That makes it terrifying and more interesting.”

“We can all relate to upset consumers – the ultimate ‘it could be me’ story. Even better when schadenfreude is a factor.”

“Spooks in real life… what’s not to love?!”

WHY ARE CYBER ATTACKS SO HARD TO MANAGE?

• So much is unknown

• Fast moving and constantly changing picture

• Speculation and criticism is rife

• Police involvement may limit what you can say

• Great deal of misunderstanding about cyber

• Difficult to explain technical details in a simple, sympathetic, reassuring way

• Changing landscape

DO THE OLD RULES OF CRISIS COMMUNICATION STILL APPLY?

1. DEMONSTRATE YOU’RE IN CONTROL

DEMONSTRATE YOU’RE IN CONTROL

“I think we did the right thing to go out early and warn our customers so that we could help make them safer, and they could protect themselves”

11/11/15

DEMONSTRATE YOU’RE IN CONTROL

Interview on BBC Radio 4 Today programme

Benny Higgins, CEO of Tesco Bank

07/11/16

DEMONSTRATE YOU’RE IN CONTROL

• Did either company appear to be in control?

• Was one more in control than the other?

• Why? What can we learn?

CAN YOU REASSURE CUSTOMERS YOU’RE IN CONTROL WHEN YOU DON’T KNOW WHAT’S HAPPENED?

• Communicate with confidence that you know your systems / infrastructure

• What data is held

• How data is stored

• Confidence in cyber terms and language

• What you’ve done to minimise chances of this happening

• Investment in cyber resilience

• What you’re doing in response?

• Doing everything in your power to rectify the situation (proof points)

• Speak confidently about your cyber response

• Who’s involved? What’s happening?

CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?

Interview on BBC Radio 4 Today programme

Benny Higgins, CEO of Tesco Bank

07/11/16

CAN YOU BE IN CONTROL OF SOMETHING UNAVOIDABLE?

“We are spending a lot of time and resource and energy making our defences even stronger, we will continue to do that indefinitely.

This is a war of attrition between us and the criminals who are trying to break in. We will build higher walls, and they will build higher ladders and we will build higher walls and that is the way it is going to be forever.”

“We invest very heavily in preventative measures…

But in the modern world – we see it time and time again – it is impossible to be totally impregnable.

It is our absolute responsibility and something we take very seriously to put customers first…”

2. CONTAIN THE ISSUE

CAN YOU CONTAIN SPECULATION?

CAN YOU CONTAIN STAKEHOLDER REACTION?

There are elements of this that look unprecedented and it is serious, clearly.

Andrew Bailey, Chief Executive, FCA

It is likely that either Tesco's internal systems, or its mobile application, have been hacked.

Ian Mann, Chief Executive, ECSC (cyber security service)

One estimate is that Tesco Bank could be fined nearly £2bn under GDPR rules for this incident.

Nigel Hawthorn, Chief European Spokesperson, Skyhigh Networks

It is troubling. Banks have a long way to go to improve the resilience and security of their IT systems.

Andrew Tyrie MP, Chair of Treasury Select Committee

We identified these types of attacks months ago. The number of times we reached out to Tesco was shocking.

Elad Ben-Meir, Cyberint

It will take a significant period of time to understand the incident given the technical complexities involved.

National Cyber Security Centre

I've not heard of an attack of this nature and scale on a UK bank where it appears that the bank's central system is the target.

Prof Alan Woodward, Ex-Security Consultant for Europol

HOW CAN YOU CONTAIN THE PROBLEM?

• It isn’t helpful “to assume the worst…”

• Point downwards at confirmed/expected numbers

• Point out what isn’t affected

• Use non-inflammatory language (cyber attack vs. data breach)

• Limit speculation about perpetrators, impact, motive etc

• Don’t give running commentary / fuel the fire

• Focus on what you do know

• Work closely with likely credible commentators

Set realistic expectations internally… you will receive criticism, there will be inaccuracies, there will be wild speculation.

Was Tesco Bank even hacked?

3. DEMONSTRATE CARE AND CONCERN

DEMONSTRATE CARE AND CONCERN

“I’d like to apologise for the worry and the inconvenience that this issue has caused…”

“It is our absolute responsibility and something we take very seriously to put customers first…”

CARE AND CONCERN

• Don’t play the victim card, it doesn’t work in a cyber attack

• Remember that stakeholders may feel let down

• Show that you understand this is a personal and emotive issue

• Show regret and contrition

• Communicate directly with customers

BEING PREPARED: WHAT CAN YOU DO TODAY?

PREPARE YOUR PEOPLE

People

Media train

Exercise

Discuss difficult issues

Engage IT teams

Engage senior leaders

"I've never been so scared in a business context as I was that first week. Really properly terrified.... None of my training had prepared me for this."

Dido Harding 2016

PREPARE YOUR COMMUNICATIONS

Playbook

Map key risks

Checklists

Simple, effective message

List regulators

Key terms

Ben Overlander

Director

020 3179 6000