Irisscon: Preparations can be made for a proper response to a crisis
Proper preparations can be made to minimise the crisis point around a data breach, according to Barclaycard's Neira Jones.
Speaking at the Irisscon event in Dublin, Neira Jones, head of payment security at Barclaycard, recommended creating an incident response plan to include a specific web page.
She said that, with more than 1.5 billion social network users, most people hear of breaches online, and that this should be a consideration when creating an incident response plan.
“There were more breaches in 2012 than all 2011, 31.6 per cent more than in 2011. That is 1,283 for 2012 so far,” Jones said.
“Eighty-four per cent of organisations were notified of a breach by external entities, and within that 84 per cent, the attackers had an average of six months in the environment. We see the figures but we don't learn. We can all agree that breaches have become a statistical certainty and information security is not about deploying controls and incident response is still very rare.”
Looking at the LinkedIn breach, Jones said that there was a slow response, with most awareness driven by retweets and social network conversation.
She said: “The new dimension is speed and it needs to be an increasing part of your planning, as news will spread with or without your involvement. You have to have a plan and a team and cater for that, you also need to create a web page to deal with your crisis situation.”
Jones highlighted three sets of 'A's when it comes to incident response. The first is acknowledgement, apology and action: finding out the basics, sharing them with your audience, and doing something.
She said: “With the three A's, it takes seven minutes for a crisis to be known worldwide. Although having a web page doesn't mean that people will listen or find you.”
She recommended the next set of A's, amplification, advocacy and adhesion, as a way to become a central hub for the crisis "so you can own it".
She said: “You cannot do it on your own. You need to use social avenues to direct people to your crisis web page and keep it updated as and when you know more. When there is anything newsworthy, information seekers will find it out, so give them information and seek out allies and partners and share information and trust your employees. They will be your advocates.”
Finally, to get the situation in your favour, Jones said that you should "answer, analyse and aggregate". Analysis involves monitoring real-time content, categorising it and preparing for content to be posted; answering involves making a statement and speaking publicly; and aggregating means putting all the information in one place, on your web page.