Reputation at stake

Josef W, chairman of Octopus – worldwide Superyacht Rental & Sale, is slowly recovering from his heart attack. The website of the event “Superyacht Week” was hacked. In addition to the financial loss, the reputation of this family business is at stake.

What happened?

For many years, “Octopus – worldwide Superyacht Rental & Sale” has organized the “Superyacht Week” in Malta, an event that gathers both business partners and wealthy clients from the four corners of the world – the “rich and beautiful”.

The tickets for the “Superyacht Week” were almost all sold out in just a few weeks through the registration and online payment system developed by Octopus. Yet the financial department didn’t record any payment.
After some investigation, the team of security experts discovered that the website, including the online booking system, was compromised. The data from the online registrations had been diverted and the account linked to the payment system had been replaced by a foreign account. Octopus concluded that the registration fees were now sitting in bank accounts belonging to cybercriminals.

The hackers reacted immediately when they found out that security experts were involved. They erased all the data from the website and replaced the homepage with the message: “Superyacht Week CANCELLED”.

The image of Octopus is completely ruined.

What should Octopus do now?

Gather the crisis management team and implement technical, legal and operational measures:

Technical measures

  • Remove the Web server from the network: isolate the server to put it out of reach of the cybercriminals.
  • Secure the evidence: make a copy of the computer’s memory. The computer’s memory holds “live data” that is essential for the forensic analysis.
  • Save the data that can still be saved: even deleted data can be recovered.
  • Analyse the log-files: all activities and processes are documented and archived in the log-files.
  • Reinstall systems in order to clean the computer.
  • Change passwords: all passwords for all systems and applications must be changed.
  • Inform the CERT – the local Computer Emergency Response Team: the CERT experts can assist in the technical implementation.
  • File a complaint.

Operational measures

  • Contact the insurer and review the coverage for the incident.
  • Communicate with the customers and warn them that their personal data has been misused by criminals and could be used to harm them.
  • Tell them that the event is not cancelled.
  • Communicate proactively on social networks and in the media.
  • Implement the continuity plan of the company’s activities (Business Continuity Plan).

What preventive measures should Octopus have taken beforehand?

  • Regularly update all of the server’s components, such as the CMS and its plugins, and carry out penetration testing.
  • Perform regular backups.
  • Set up extensive logging (to track network traffic).
  • Analyse the log-files regularly.
  • Establish contacts with the CERTs as a preventive action.
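
As an added illustration of the log-file analysis recommended above (both during the response and as a regular preventive check), the following sketch scans booking log entries for payments routed to an account that is not the company's own. It is an example written for this page, not a tool used by Octopus; the log format, the account numbers and the function name are assumptions.

```python
import re
from decimal import Decimal

# Assumption: the company's own payout account(s). Constructed placeholder value.
ALLOWED_PAYEES = {"MT00OCTO00000000000000000000001"}

# Constructed sample lines in a hypothetical booking-log format.
SAMPLE_LOG = """\
2024-03-01T09:12:44Z booking=1001 amount=4500.00 payee=MT00OCTO00000000000000000000001
2024-03-01T10:03:10Z booking=1002 amount=4500.00 payee=MT00OCTO00000000000000000000001
2024-03-02T02:17:31Z booking=1003 amount=9000.00 payee=XX00UNKNOWN0000000000000000009
corrupted line without fields
2024-03-02T08:45:02Z booking=1004 amount=4500.00 payee=XX00UNKNOWN0000000000000000009
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) booking=(?P<booking>\d+) "
    r"amount=(?P<amount>\d+\.\d{2}) payee=(?P<payee>[A-Z0-9]+)$"
)

def find_diverted_payments(log_text, allowed=ALLOWED_PAYEES):
    """Summarise bookings whose payee account is outside the allowlist."""
    diverted, unparsed = [], []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            # Record unparsable lines: truncated or altered entries matter too.
            unparsed.append(lineno)
            continue
        if m["payee"] not in allowed:
            diverted.append((m["ts"], int(m["booking"]),
                             Decimal(m["amount"]), m["payee"]))
    return {
        # UTC timestamps in one fixed ISO 8601 format sort correctly as strings.
        "first_seen": min((d[0] for d in diverted), default=None),
        "bookings": [d[1] for d in diverted],
        "total": sum((d[2] for d in diverted), Decimal("0")),
        "payees": sorted({d[3] for d in diverted}),
        "unparsed_lines": unparsed,
    }

if __name__ == "__main__":
    for key, value in find_diverted_payments(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The earliest flagged timestamp narrows down when the payment account was replaced, and the total gives the financial exposure to report to the insurer and the CERT.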

Fortunately, “Octopus – worldwide Superyacht Rental & Sale” had set up an intervention and business continuity plan for crisis situations and had taken out professional insurance.

The names and actions are fictitious, but they are based on realistic scenarios.