    When the complacent CEO gets hacked

    By Terry Cutler

    When the home phone rings at an hour of the morning when sleep has moved into deep R.E.M., and the text messages start appearing, it can only mean one thing to a CEO: there is a problem with the company security net. This could cost millions.

    From best-case scenario to worst, you go over it in your head. Best case? The security team caught a small breach. It isn’t enough to be overly alarmed about, but it does warrant a phone call. Worst? Your monitoring system has spotted what security is calling “highly” suspicious activity on the company network. They are addressing the problem.

    When you answer the phone, you are told it is the latter, and the situation is expected to get worse.

    This could mean even bigger money problems. Think of Nasdaq, Sony and Citibank, whose hacks cost millions. Citibank’s hack attack (http://moneywatch.bnet.com/saving-money/blog/devil-details/citi-hack-attack-6-things-you-must-do-now/4769/) in June of 2011 exposed personal information about some 200,000 customers. Since 2005, some 533 million personal records have been exposed, according to the Privacy Clearing House (https://www.privacyrights.org/). Sony now reports that, after the 2011 hack of its PlayStation, up to 70 million people had their personal data put in jeopardy by hackers. Sony’s cleanup was estimated at 2 billion dollars.

    In the meantime, the overnight customer service representative is reporting more than the usual number of complaints about unauthorized debits to customers’ credit cards and bank accounts, and your customer service department is overloaded with irate customers.

    Your next move? Admit it: you’ve been hacked.

    Three credit card companies are on hold. Enough, you say. You’ve known all along, and now you are on your way to work, on the longest drive of your life. The year 2011 has been called the year of the hack, or at least the year more companies admitted their security had been breached. Time to minimize the damage. On the drive to the office, you order company representatives to post a notification letter on the website, explaining the situation and assuring customers that the company is working on the problem. Offer credit-rebuilding services, flag unauthorized use of credit cards, and offer free stuff.

    As CEO, you are aware of the value of reassuring customers and keeping them as valued customers. It’s the company’s bread and butter. A company’s reputation is founded on how customers are treated, and including them in the problem through notifications will help maintain the established reputation. Your head security consultant meets you at the door. He informs you that the hack is not as bad as first thought. In fact, only a few files were lifted, but the network was breached, and the consultant reminds you that security is not a reactive game but one that calls for a proactive approach.

    What he is saying is: budget more money for security – it’s better that way. Or pay the price of a large-scale hack!

    The decision is clear, or is it?

    Next week: why companies don’t budget for an eventual hack

    Follow me on Twitter @terrypcutler

     

    The MONEY® Network