The PR aspect of a Cyber Security Incident such as the one described here is the easy bit. Whilst each victim takes the inevitable reputational hit, to date most have got away with issuing the same templated apology, with associated customer concessions to 'cushion' the blow!

Whilst similar stories crop up on an increasingly regular basis, there have been few high-profile repeat offenders, which is clearly a good thing. My guess is that over time this will change for a number of reasons, including complacency on the part of the victims and the tendency for criminals to focus on the prevailing 'low-hanging fruit'.

Second time around, the PR teams are going to have to work considerably harder to allay the fears of consumers who may have been impacted.

So if once is an accident, twice will be considered carelessness rather than a coincidence. 

Now it is worth taking a look at the aviation industry, which has become a 'blueprint' for intelligence sharing, with the leading aviation authorities investigating even the most trivial incidents and sharing their findings with operators, maintainers and pilots as relevant.

From a Cyber perspective, the solution will come in the form of monitoring for Indicators of Compromise (IOCs), with the sharing of intelligence being critical. To this end, Serengeti from Foregenix has been developed by our PCI Forensic Investigation (PFI) team to identify the presence of IOCs relevant to POS systems.

Rapid deployment as part of our Incident Response Services accelerates the investigation phase to the point where Foregenix can often establish the cause before others have thought of their travel plans!

Once in situ, Serengeti will monitor and extinguish other instances of the identified attack vector, which rarely exists in isolation.

A combination of appropriate tools like Serengeti, together with the sharing of IOC intelligence, will serve the greater good of the industry and hopefully avoid situations where high-profile brands have to dream up increasingly elaborate ways of convincing consumers that they still really do care about their personal data.