Sometimes Hackers Just Want to Embarrass You

[Audrey McNeil <audrey () riskbasedsecurity com>]

https://finance.yahoo.com/news/sometimes-hackers-just-want-embarrass-000000161.html

Cyber attacks can have a detrimental impacts on customer relations,
revenue, intellectual property and the overall health and welfare of an
organization. But one significant impact, which can cost a company
considerable time and money to repair, is in the area of public relations.

This was the case recently when Amy Pascal, Sony’s co-chairman and chief of
its film division, came under intense criticism for her remarks about
President Barack Obama and less than flattering statements about
high-profile actors, including Angelina Jolie, Kevin Hart and Adam Sandler.

The comments were leaked by hackers who infiltrated the company’s emails
and then leaked her exchange with movie producer Scott Rudin. Despite her
quick apology, some in the industry initially speculated whether Pascal
would be forced to resign.

Other damages certainly occurred from the attack. The group claiming to
have carried out the cybertheft also took terabytes of Sony’s financial
information, budgets, payroll data, internal emails and films. Yet the
longest lasting impact of the incident may very well be the buzz now
permeating through social media and other gossip media pages about the
salacious views expressed by the company’s top brass.

And that will be the aspect that the public will remember most for some
time to come. Although there are many victims of cyber attacks, Sony’s name
may become synonymous with corporate losses and embarrassment from careless
emails and protection of data as was the case for Target.

The reality is that these embarrassing moments can have as big of an impact
on an organization’s bottom line as the attacks aimed at uncovering trade
secrets or bank accounts. The time and money spent to respond to awkward
statements could be extremely costly and the upheaval that can result from
shifts in a management team can slow down or even derail mission-critical
initiatives.

Any good incident-response policy should include a public-relations plan
that specifically addresses the potential fallout from stolen emails,
letters or other information that could have a negative result if publicly
released. Corporate managers need to have an understanding and anticipation
of the information in their computing networks that could result in a
public-relations debacle.

Let this serves as a visible warning to corporate managers: You may
certainly have regrettable slips of the tongue or articulated or comments
out of frustration -- ones that, at your core, you abhor and wish you could
take back. And when written in text, the fallout can become magnified when
shared in a public forum -- on the digital realm.

Every email, text, social media post or communique leaves a trail that can
be accessed and exploited by someone with the right training and
sophistication. Treat correspondence through such venues as ultimately open
to anyone.

So be mindful of what you share on digital platforms. Count to 10, take a
deep breath and ask yourself if you want what you have typed, texted or
posted to appear in a broad forum. If the answer is no, then don’t share it
electronically.

I recommend that if you need a place to vent the stresses of the day, work
out regularly. Trust me: Your the time will be spent far more benefically.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!