The PR aspect of a cyber security incident such as the one described here is the easy bit. Whilst each victim takes the inevitable reputational hit, to date most have got away with issuing the same templated apology, with associated customer concessions to 'cushion' the blow!
Whilst similar stories crop up on an increasingly regular basis, there have been few high-profile repeat offenders, which is clearly a good thing. My guess is that over time this will change, for a number of reasons including complacency on the part of the victims and the tendency of criminals to focus on the prevailing 'low-hanging fruit'.
Second time around, the PR teams are going to have to work considerably harder to allay the fears of consumers who may have been impacted.
So if once is an accident, twice will be considered carelessness rather than a coincidence.
Now it is worth taking a look at the aviation industry, which has become a 'blueprint' for intelligence sharing: the leading aviation authorities investigate even the most trivial incidents and share their findings with operators, maintainers and pilots as relevant.
From a cyber perspective the solution will come in the form of monitoring for Indicators of Compromise (IOCs), with the sharing of intelligence being critical. To this end, Serengeti from Foregenix has been developed by our PCI Forensic Investigation (PFI) team to identify the presence of IOCs relevant to POS systems.
Rapid deployment as part of our Incident Response Services accelerates the investigation phase to the point where Foregenix can often establish the cause before others have thought about their travel plans!
Once in situ, Serengeti will monitor for and extinguish other instances of the identified attack vector, which rarely exists in isolation.
A combination of appropriate tools like Serengeti and the sharing of IOC intelligence will serve the greater good of the industry, and hopefully avoid situations where high-profile brands have to dream up increasingly elaborate ways of convincing consumers that they still really do care about their personal data.
Given the volume of recent POS malware attacks on retailers and hospitality firms, it would be nice if these breach disclosures didn’t look and sound exactly the same. E.g., in addition to offering customers the predictable and irrelevant credit monitoring services topped with bland assurances that the “security of our customers’ information is a top priority,” breached entities could offer the cyber defenders of the world just a few details about the attack tools and online staging grounds the intruders used. That way, other companies could use the information to find out if they are similarly victimized and to stop the bleeding of customer card data as quickly as possible. Eddie Bauer’s spokespeople say the company has no intention of publishing these so-called “indicators of compromise,” but emphasized that Eddie Bauer worked closely with the FBI and outside security experts.
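To make concrete what "other companies could use the information to find out if they are similarly victimized" looks like in practice, here is an added example of consuming a shared IOC set (tool hashes, staging domains, staging IPs) and sweeping it across host and proxy logs. It is illustrative code written for this page, not Foregenix's Serengeti and not any vendor's product; the IOC values, the key=value log format and the log lines are all constructed (hashes are computed from placeholder bytes, domains and addresses come from reserved example ranges), so nothing here is a real indicator.

```python
"""Sweep constructed host/proxy logs against a shared IOC set.

Added example, not code from the page, from Foregenix or from Serengeti.
Every indicator and log line below is constructed for illustration.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed IOC set, of the kind a breached entity could share: hashes of the
# attack tools and the domains / IPs of the online staging grounds. The hashes
# are derived from placeholder bytes so they are valid hex but match nothing real.
SHARED_IOCS = {
    "sha256": {hashlib.sha256(b"placeholder-pos-scraper").hexdigest()},
    "domain": {"update-pos-check.example", "static-cdn.example.net"},
    "ipv4": {"203.0.113.45"},
}

# Constructed log lines in a simple key=value layout (not any vendor's format).
LOG_LINES = [
    "2016-08-18T10:15:02Z proxy host=POS-LANE-03 dst=UPDATE-POS-CHECK.EXAMPLE:443 action=allow",
    "2016-08-18T10:15:09Z proxy host=POS-LANE-03 dst=images.retailer.example:443 action=allow",
    "2016-08-18T10:16:30Z edr host=POS-LANE-03 proc=svchostt.exe sha256="
    + next(iter(SHARED_IOCS["sha256"])).upper(),
    "2016-08-18T10:17:44Z proxy host=BACKOFFICE-01 dst=files.static-cdn.example.net:80 action=allow",
    "2016-08-18T10:18:01Z fw host=BACKOFFICE-01 dst=203.0.113.45:8080 action=deny",
    "2016-08-18T10:18:05Z edr host=BACKOFFICE-01 proc=explorer.exe sha256="
    + hashlib.sha256(b"benign-binary").hexdigest(),
]

KV_RE = re.compile(r"(\w+)=(\S+)")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


@dataclass(frozen=True)
class Match:
    line_no: int      # 1-based index into the scanned log
    host: str         # the system that produced the event
    ioc_type: str     # "sha256", "domain" or "ipv4"
    ioc_value: str    # the shared indicator that fired
    observed: str     # the raw value seen in the log


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(KV_RE.findall(line))


def split_dst(dst):
    """Drop a trailing :port and lower-case the host so matching is case-insensitive."""
    host = dst.rsplit(":", 1)[0] if ":" in dst else dst
    return host.lower()


def matching_domain(host, ioc_domains):
    """Return the IOC domain that host equals or is a subdomain of, else None.

    Requiring the '.' separator stops 'notexample.net' matching 'example.net'.
    """
    for d in ioc_domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def scan_logs(lines, iocs):
    """Return every IOC hit in the given lines, in log order."""
    matches = []
    for n, line in enumerate(lines, 1):
        fields = parse_line(line)
        host = fields.get("host", "?")
        dst = fields.get("dst")
        if dst:
            target = split_dst(dst)
            if IPV4_RE.match(target):
                if target in iocs["ipv4"]:
                    matches.append(Match(n, host, "ipv4", target, target))
            else:
                d = matching_domain(target, iocs["domain"])
                if d:
                    matches.append(Match(n, host, "domain", d, target))
        h = fields.get("sha256")
        if h and h.lower() in iocs["sha256"]:   # hashes compared case-insensitively
            matches.append(Match(n, host, "sha256", h.lower(), h))
    return matches


def affected_hosts(matches):
    """Distinct systems with at least one hit: the triage list for responders."""
    return sorted({m.host for m in matches})


if __name__ == "__main__":
    hits = scan_logs(LOG_LINES, SHARED_IOCS)
    for m in hits:
        print(f"line {m.line_no}: {m.host} {m.ioc_type} {m.observed} -> {m.ioc_value}")
    print("hosts needing triage:", affected_hosts(hits))
```

A sweep like this is cheap to run and is exactly what a shared indicator list enables; its limit is that it only finds what was shared, so a hit on a staging domain or IP should be treated as a lead for the investigation (the attack vector "rarely exists in isolation"), not as the full scope of the compromise.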