Irisscon: Preparations can be made for a proper response to a crisis

Proper preparations can be made to minimise the crisis point around a data breach, according to Barclaycard's Neira Jones.

Speaking at the Irisscon event in Dublin, Neira Jones, head of payment security at Barclaycard, recommended creating an incident response plan that includes a specific web page.

Jones said that, with more than 1.5 billion social network users, most people hear of breaches online, and that this should be a consideration when creating an incident response.

“There were more breaches in 2012 than all 2011, 31.6 per cent more than in 2011. That is 1,283 for 2012 so far,” Jones said.

“Eighty-four per cent of organisations were notified of a breach by external entities, and within that 84 per cent, the attackers had an average of six months in the environment. We see the figures but we don't learn. We can all agree that breaches have become a statistical certainty and information security is not about deploying controls and incident response is still very rare.”

Looking at the LinkedIn breach, Jones said that there was a slow response, with most awareness driven by retweets and social network conversation.

She said: “The new dimension is speed and it needs to be an increasing part of your planning, as news will spread with or without your involvement. You have to have a plan and a team and cater for that, you also need to create a web page to deal with your crisis situation.”

Jones highlighted three sets of 'A's when it comes to incident response. The first is acknowledgement, apology and action: finding out the basics, sharing them with your audience, and doing something.

She said: “With the three A's, it takes seven minutes for a crisis to be known worldwide. Although having a web page doesn't mean that people will listen or find you.”

She recommended the next set of A's: amplification, advocacy and adhesion, as you become a central hub for the crisis "so you can own it".

She said: “You cannot do it on your own. You need to use social avenues to direct people to your crisis web page and keep it updated as and when you know more. When there is anything newsworthy, information seekers will find it out, so give them information and seek out allies and partners and share information and trust your employees. They will be your advocates.”

Finally, to get the situation in your favour, Jones said that you should "answer, analyse and aggregate". Analysing involves monitoring real-time content, and categorising and preparing for content to be posted; answering involves making a statement and speaking publicly; and aggregating means putting everything in one place, on your web page.
