Tuesday, March 10, 2009

Cyber Terrorism

I recently had the pleasure of speaking with Jonathan Bernstein, President of Bernstein Crisis Management. Bernstein Crisis Management, Inc. is a national consultancy providing 24/7 access to its president, Jonathan Bernstein, and a network of carefully screened and highly experienced crisis management experts who are on call nationwide and in many markets overseas. Bernstein Crisis Management engages in the full spectrum of crisis management services: crisis prevention, response, planning, training and simulations. The business was created and has been operated since January 1994 on the premise that its clients' executive leadership wants direct assistance from senior-level crisis management professionals.

On the Bernstein Crisis Management website, there are numerous great articles dealing with a variety of issues related to all the realms of identity theft. These articles include crisis management and public relations, dealing with the blogospheres, and most importantly crisis prevention. The article that I am reprinting specifically deals with Cyber Terrorism. I feel that this is an issue that at first only affected the large, financial institutions. But now, as the economy crumbles around our feet, more and more cyber thieves are going to try out cyber terrorism on the middle markets and maybe even the small business of America. To protect your company, you need to speak with someone like Jonathan Bernstein, and you need to get an Internet Liability Insurance policy that covers you for Cyber Terrorism. Cyber Terrorism insurance is found in many, but not all, internet liability insurance policies. But, most companies do not have internet liability insurance policies, and they are unprotected and face serious consequences to their company, their reputation, and their clients.

This article was originally title, "ISP Thwarts Cyber-Terrorists: LinkLINE Communications Turns Crisis Into PR Success":

Editor's Note: this is another of those rare occasions when a crisis has been very public and the client is justifiably proud of its response and willing to share the results with others. As I've told linkLINE's management, their willingness to take some direction on this challenging situation reflects great credit on them; I assured them that I've known other organizations not nearly so willing to "do the right thing."

The Crisis

"We think that someone calling himself 'Mr. Zilterio' may have accessed our customer records, to include credit card numbers. He's threatening to reveal that information to our customers and the press if we don't pay him a large amount of money."

That was the initial call I received from Marc Benzakein, one of the founders of linkLINE Communications (www.linkline.com), an expanding, relatively small (15,000 subscriber) but profitable Internet service provider based in Mira Loma, California (note: in their business, "profitable" is rare).

In that phone call, and a subsequent meeting with linkLINE's management/crisis response team, I learned that:

  • According to federal authorities and information available to anyone who does a search for "Zilterio" on the Internet, the same individual may have extorted as much as $4 billion from other organizations who wanted to sweep the situation under the rug for fear of losing business.
  • linkLINE, with law enforcement direction, had been stringing Zilterio along for a little while identifying how he got past their security. In the process, they traced the bank account to which Zilterio wanted money wired through Russia (where he said he was from) to Yemen, a known hotbed of terrorism.
  • The ISP felt strongly that it was ethically and morally wrong to give in to what could clearly be construed as "cyber-terrorism."
  • linkLINE had taken the steps necessary to ensure that the security hole which Zilterio may have exploited was plugged.
  • A significant loss of customers could be devastating to linkLINE because of its still-small size.

Crisis Response Team Meets

As a crisis response team, we agreed that:

  • linkLINE's customers needed to be notified of the threat before Zilterio communicated with them. This meant that the entire "response package" needed to be in place between our Thursday afternoon meeting and the following Monday evening. We all wanted to move even more quickly, but double-checking some security preparations precluded any more haste. The team member in touch with Zilterio felt he could stall him as long as necessary.
  • The best approach, very much in keeping with linkLINE's operating philosophy, was to express compassion for the concern this might cause customers, provide them with information they would need as a consequence of the situation, while also calling for them to unite with linkLINE in combating cyber-terrorism.
  • Close coordination would need to be made with the security offices for the four major credit card companies so that (a) linkLINE customers would have the least-possible work to do regarding the possible exposure of their credit card numbers and (b) that linkLINE's relationships with the credit card companies remained sound.

Pre-Announcement Activities

During three intense days of preparation:

  • linkLINE management contacted the four credit card companies, who were very appreciative of linkLINE's proactive response, agreed to put a special watch on linkLINE customer credit card numbers to see if they were fraudulently abused, and assured linkLINE that customers would not be held liable for any such fraud.
  • A Customer Alert letter was drafted for release late in the evening of Monday, March 18. That letter has been posted for "Crisis Manager" readers at:: http://www.piersystem.com/clients/bernstein/linkline1.txt
  • A press release was drafted for distribution in the early morning of March 19. That release, as an MS-Word doc, is temporarily archived at: http://www.piersystem.com/clients/bernstein/Linkline2.doc
  • A Customer Q&A was drafted in preparation for posting on linkLINE's website. That Q&A can still be found at: http://www.linkline.com/corp/securityfaq.asp
  • A special Customer Service Response Guide was created and customer service reps trained on its use.
  • linkLINE's crisis response team identified other key stakeholders, besides customers, who might need to be called or contacted when the news was released, and prepared to make those communications.
  • Marc Benzakein was trained to be the primary spokesperson on the situation, with another member of the team as backup spokesperson.

The Announcement and Results

Zilterio did not act during the preparation period, and linkLINE was able to launch its crisis communications campaign.

  • In the late evening of March 18 and early morning of March 19, respectively, the Customer Alert went out by email and the press release by PR Newswire (California circuit only, as 95% of their customers were in-state, and knowing that even the California circuit also goes to Internet news sites and certain other key media).
  • While customer call volume did go up, it was not overwhelming; linkLINE had contingency plans for what to do if it backed up, but the Customer Alert, combined with the Customer Q&A, apparently satisfied the vast majority of customers.
  • Most of the calls and emails that DID come in were highly complimentary of linkLINE's response. Some examples:
  • "In today's world of competition and LOVE of money very few companies are up front when they have a problem that could affect their business. YOU GUYS ARE THE EXCEPTION. Thanks for letting us all know the truth. Because of people like you I feel much safer on the NET. THANKS AGAIN."
  • "I would like to commend you on your handling of the Zilterio blackmail incident. Prompt and full disclosure through email and your website is the exact way to go. This kind of professionalism makes me happy to continue with linkLINE as my ISP. Nothing is 100% secure; what separates the pros from the rest is the response to a security breach. Your response measured up in every respect."
  • There were some people who were initially very disgruntled, but linkLINE execs did a great job of communicating in a caring and informative manner that made customers more comfortable.
  • A few credit cards were voluntarily (by customers) or involuntarily (by banks, when they were also ATM cards) suspended, but even those customers were understanding. And as part of their preparation, linkLINE had made it easy to switch to another credit card (securely) or use another method of payment.

Today, two weeks later, linkLINE had no net loss in customers and has continued to enjoy its usual level of growth.

Editor's Note: Unfortunately, Zilterio hasn't stopped doing his thing -- there's a Dow Jones story out today about his attack on another company. Any organization which maintains confidential information on its Internet-accessible servers is vulnerable and would do well to (a) assess its level of vulnerability and (b) be prepared to respond if and when a security breach occurs. Not merely operationally, but in terms of legally appropriate public relations.


 

 
Posted by at No comments:
Subscribe to: Posts (Atom)