Managing reputational damage after a cyber attack - Panel discussion

Mackenzie Jackson and Julie Tsai discuss managing reputational damage after a security incident in the Cyber Friday discussion. They provide tips on what to do and what not to do. Full discussion at CISO Series.

Video Transcript

We've talked about reputation loss from just a breach in general, not specifically an SDLC attack. From the financial side, what we have seen is temporary hits on stock prices, and then what happens is the market loves a bargain, and so when they see it go down they start buying it up and it bounces back. So it's kind of more of a situation of "oh, I didn't like that," you know, the public saying that, but then the financial people saying "it's still the same damn product and now it's cheap, let me make some money here," and it all goes right back up. But with the software itself, is it the same sort of audience speaking up about trust or not? Are we kind of dealing with the same trust issue as I just described, or is this completely different? I'll start with you, Mackenzie.

Yeah, so I think what's incredibly important here is your response to an incident. So I agree, yes, so like how you deal with that. Because, I mean, if you're the CISO... I mean, like, Uber's CISO recently got convicted, you know, because they tried to cover that up. You've lost a lot of... if that was a security product or something that was, you know, fundamental, then that's pretty bad. If we go to the other end, you know, SolarWinds had one of the worst attacks that we saw, but one of the things that they did well, and you can probably argue against this, but one of the things I think it did well was their communication of exactly what happened. Not trying to... I mean, after the initial kind of "we have a little bit of an incident," once they've started getting in, they started publishing exactly what happened: there were analysts that got involved that had access. So then you kind of go, okay, you've lost some trust, but that has kind of been built up, and now I feel like SolarWinds is in a better position than before they were breached, so I feel comfortable again.

Well, it's interesting. We're gonna actually have the CSO for SolarWinds on our show, and I met him at a conference, and this is just a quick story that I thought was amazing. In his first 30 days of dealing with the incident, this was like two and a half years ago almost, he moved into corporate housing across the street from the office, was working 6 a.m. to midnight every day. He lost 30 pounds that first month.

Oh yeah, that's a great way to lose weight. Insane stress.

I gotta... you gotta be careful what you should be advertising here, David.

I have a funny story too about that. Well, it's not really funny, but I went to a panel when he was on there, and the panel led with the question "why haven't you been fired?" And I think that someone would agree to be on a panel where that kind of question is asked... and he had a great answer for it. Well, the first thing he said was he wasn't actually the CISO at that time; he kind of moved into German, he wasn't the CISO, but yeah, there was, you know... But it was kind of like his response was just, you know, immediately onto the ground. He rallied his team around him. I think he had a lot of support internally by the people that were working, and I guess at the end it would have been that this would be the disaster if we got rid of him.

So yeah, well, you needed some... yeah, you can't, because you need someone who knows the environment day one to deal with it. That's a logical response, I would say, right? But, you know, unfortunately, when you're dealing with something of that nature, people want to... they want to find someone to blame or something to blame, right?

But I don't think that's been so much the case these days, do you? Like, I think that historically that was, but we're not seeing that much. Like, honestly, when's the last CISO you know of that was fired right after a breach? I can't think of any.

Maybe not right after, but sometimes some things can start unfolding in the six to 12 months after, which is true in the CISO space for everything. But I would say actually one of the things that is important is that, you know, using that example that you have of Uber and SolarWinds, one is appealing directly to consumers for the most part, or at least that's a consumer brand name, and then SolarWinds has much more of a sort of, you know, a business audience. And I think that makes a huge difference in both the education level of your audience, in terms of knowing what to look for, knowing what to ask for, and also their patience, you know.

Yeah, okay, so let's go back, because you talked about how active your audience is when you were at Roblox. Question: when you had some kind of incident in the software development chain, something happened, that audience is so active in chat rooms and whatnot, but my feeling is if you don't get out there and publicly communicate, they are going to make up the story any damn way they want, because they're doing it all the time anyways, right?

That's right, that's right. You have to get out ahead of it, and you have to have very well synchronized information and relationships with your comms teams, the marketing and PR groups that are doing this kind of stuff day in, day out for all sorts of purposes, and be able to translate that very quickly for a multi-layered audience. You're going to have audience people like other CSOs, other security practitioners, that are going to want to see credibility. Everyone wants to see credibility, but they're going to look for it in a different way, right? And then all the way through, you know, the parents, the community, the user base. So you have to be able to work with those teams and get your message out in a very specific and direct way.

All right, we got a game to play.