Kaspersky has launched a new service – Kaspersky Incident Communications – to help communications professionals deal effectively with an IT security breach.
Founded on the company’s extensive expertise in security research and crisis communication, the service also encompasses lessons learnt from the Duqu 2.0 attack experienced by Kaspersky in 2015. The new offering includes training sessions and a tailored workshop for information security leaders and corporate communications teams. It will also advice personnel on efficient operation security tools for communication security and encryption, and suggest best practices to follow to help handle communications internally and externally while an organization is under attack.
The consequences of a data breach can be devastating for a company, with the average financial impact costing an enterprise an estimated $1.23 million in 2018. This includes around $132k of costs associated with the additional PR activities required to recover brand reputation. Despite this, only 47% of Chief Information Security Officers (CISOs) regularly collaborate with their corporate communication departments[1], which could impact an effective communications response in the case of an incident. To help companies address this potential issue and reduce reputational damage, the Kaspersky Incident Communications service is designed to upskill communications professionals and IT security leaders so that they can take appropriate and timely actions if an organization falls victim to an attack.
Kaspersky Incident Communications
The service is available in two options: Standard and Premium. The Standard package provides the foundations needed to build and activate an effective communications plan in the event a cyberattack. It consists of the following elements:
- Generic overview of the threat landscape, aimed at helping corporate communications teams understand the difference between malware, ransomware, APTs, unknown cyberattacks and how they may affect corporate reputation.
- Deep dive into experience gained when Kaspersky’s corporate communication team responded to the Duqu 2.0 incident.
- Operational security essentials, to provide communications professionals with technical toolkits that can be used for encrypting messages, calls and emails, as well as tips on how to effectively cooperate with IT security and incident response teams.
For those customers looking for more advanced knowledge specific to their needs, Kaspersky offers a Premium package which includes the following, in addition to the Standard package:
- Pre-workshop audit of existing incident management plan, organizational structure and reporting lines, conducted in cooperation with the executive responsible (typically the CISO and chief communications officer).
- Deep dive talk on those cyberthreats which are particularly relevant for a specific company, based on its industry, region and size.
- Scenario-based war room with practical exercise, to help understand which communications assets and processes should be developed as a part of the communications plan.
The Premium training is recommended for CISO, CIOs, directors of internal and external communications and other senior managers who will be involved in controlling how the crisis communications plan is executed.
“It is not unusual for people from corporate communications and IT security teams to work in the same enterprise, but not know each other personally. The heightened threat of cyberattacks has changed this, with IT and communications departments needing to work closely together to minimize damage and disruption. However, it can be a challenge for large corporations to bring these representatives together to cooperate, and even if it does happen, they may not understand each other as they speak different business languages. That’s why it is essential to prepare for such cases in advance, to know who should be involved, what their role is and which tools and processes should be in place,” commented Alejandro Arango, Global Director, Corporate Communications at Kaspersky.
Origins of the new offering
Kaspersky Incident Communications is an accumulation of the company’s experience and expertise in crisis communications for advanced cyber incidents. In early spring 2015, Kaspersky detected an advanced attack on its own internal networks, dubbed Duqu 2.0. At the same time as the Global Research and Analysis Team (GReAT) were conducting their investigation, the corporate communications department was working on the messaging. As it was understood that the attackers were inside the network, the communications team needed to pretend that they didn’t know about the attack. That’s why encrypted messages, among other technology solutions, were used between those working together, including GReAT, legal, IT security, marketing and the technical support team. As a result, on June 10, 2015, Kaspersky held a press conference and issued a press release disclosing the attack and confirming that its clients and partners, as well as products, technologies and services were not affected.
Povel Torudd, Head of the Brand Activation Studio at Kaspersky and one of the early proponents of the offering, comments: “In 2015, when Duqu 2.0 occurred, I was head of European PR and also a member of a professional network of corporate communication managers from big industrial companies, where we discussed different professional topics and insights. Members of this group were hungry for information on how we responded to the attack, so I told them how we did it. After that, I was regularly invited to small internal conferences to share our experience, with the talks always well received. In April 2018, I gave a presentation about the incident at an RSA conference, which is a rather unusual topic for such events. All the positive feedback and interest made us realize that most communications professionals, who don’t work in cybersecurity, wouldn’t know what to do if such a thing happened to their company – but they want to.”
The ongoing demand for such expertise prompted Kaspersky to introduce this as a service. In 2018, the idea was passed to the Growth Center at Kaspersky, responsible for exploring market opportunities and developing new offerings. Initial market research and discussions with salespeople backed up the value of the concept.
“Following the insight provided through our presentations to wider audiences, we started receiving requests for further information, more tailored recommendations and analysis for specific businesses and cases, providing an opportunity to transform that expertise into a service package. Further market testing confirmed that enterprise customers have a demand for this, with communication being a key part of the incident response process. Of course, commercialization of the offering took some time and effort, to get the tiers, pricing and delivery right, before we were able to launch it to the market,” commented Vitaly Mzokov, Head of Innovation Hub at Kaspersky.
The service has already received interest from a number of potential customers, including the Ministry of Internal Affairs of Serbia, which requested support for its process of disclosing information about cybersecurity incidents, as well as a series of Kaspersky Incident Communications training sessions in mid-June 2019.
“Communication to the public about major cyber incidents is crucial, especially for government organizations, because we collect and store data from our citizens. Any doubt in our ability to protect private data could impact our reputation and reduce trust in the Ministry and other government services. If incidents do occur, timely and meaningful communication to the public will prevent rumors and disinformation,” explains Nebojsa Jokic, the Head of CERT, Ministry of Interior, Serbia.
The Kaspersky Incident Communications service is available around the world. For more information, please visit its official webpage.
[1]Source: 451 Research Kaspersky Security Operations Survey Results. D2: ‘In your role as the CISO, CSO or equivalent senior Information Security executive, which of the following groups do you interact with most?’
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
