
Cybercrime and data theft
During an incident it’s one of the first questions people ask, what did the attacker do? Did they steal any data? How did they do it?
All of which are typically rather difficult to answer in the first, probably week of an incident (incidents vary, sometimes it’s very obvious, other times you can’t be 100% sure on some details!)
But recently I’ve been talking lots about the way organisations communicate during incidents to their customers and the public etc. I’ve been explaining that the day 0 comms of ‘no data was stolen’ followed by a ‘lots of data was stolen’ in say day zero plus five… well it doesn’t help with my my trust in the victim organisation. Which to me, seems like an odd strategy for organisations to take. They have options:
Read more “Cybercrime and data theft”