Wednesday, December 3, 2014

The One Statement That Changes Everything For A Corporation That's Been Breached

Imagine that you're a publicly-owned company that has just been hacked in a BIG way. You're now in damage control mode. You've made a preliminary announcement. You've hired a high-profile and very expensive Incident Response company. That's all SOP. After a reasonable amount of time goes by, there is one statement that you can make which will change the game entirely. Guess which one it is:

THE INSIDER STATEMENT: A former ACME Corporation employee named Wiley E. Coyote stole the company's plans for a Jet-Propelled Unicycle by tricking a security guard into thinking it was just a big lunch box.

THE HACKTIVIST STATEMENT: The ACME Corporation's network has been breached by a fast-running ground cuckoo called RoadRunner.

THE NATION STATE STATEMENT: The ACME Corporation is the victim of a highly sophisticated cyber attack by an elite State-sponsored group of hackers.

If you guessed The Nation State Statement, you're right. Here's why.

Companies that get pwned by hacktivists like Anonymous or LulzSec look like they're incompetent because hacktivists launch low-level attacks against low-hanging fruit that shouldn't be there in the first place. Plus, hacktivists frequently get caught and then flip on their compadres. Bottom line, your multi-billion dollar multinational corporation has just been breached by some low-rent kid with no balls and your CEO looks like a jerk.

If, on the other hand, your company was breached by an insider, it opens a huge can of worms for your General Counsel because you hired the guy and malicious insiders always, ALWAYS, give early warning signs before they rip you off, which you clearly missed. With the hacktivist, you may look like a jerk but at least you can blame someone else. If you're the victim of an insider, heads are going to roll.

But imagine if you could point the finger at a foreign government, especially one that everyone hated, like Iran or North Korea. For many years, China was the go-to culprit but now it's more impressive to be hacked by Russia or the DPRK. If you can blame a nation state by calling the actors "state-sponsored", then you cannot be held responsible. You'd be the victim of a military organization or an intelligence service with vast funding and sophisticated capabilities that could overcome any corporate network. Plus, everybody wins! By blaming North Korea, for example, you have instantly created a news story which focuses attention on that idiot in Pyongyang instead of your CEO. You've helped the White House and Congress further their DPRK policies. Your Incident Response company's CEO is now in love with you because you've guaranteed him international headlines which might result in a lucrative acquisition down the road.

Blaming a nation state for your company's attack is WIN - WIN - WIN.

There is one caveat, however.

Because it is so wonderful to be able to claim to be the victim of hackers employed by a foreign government, you have to be careful that the evidence supports your claim. If it looks like an inside job and you claim nation-state, it might have the opposite effect. Then your "win" will vanish faster than a RoadRunner's "beep beep".
