Combine cutting-edge XDR technology, multi-signal threat intelligence and 24/7 Elite Threat Hunters to help you build a world-class security operation.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Cyber risk and advisory programs that identify security gaps and build security strategies to address them.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
XDR with machine learning that eliminates noise, enables real-time detection and response, and automatically blocks threats.
Seamless integration and threat investigation across your existing tech stack.
Proactive threat intelligence, original threat research and a world-class team of seasoned industry veterans.
Extend your team capabilities and prevent business disruption with expertise from eSentire.
We balance automated blocks with rapid human-led investigations to manage threats.
Guard endpoints by isolating and remediating threats to prevent lateral spread.
Defend brute force attacks, active intrusions and unauthorized scans.
Investigation and threat detection across multi-cloud or hybrid environments.
Remediate misconfigurations, vulnerabilities and policy violations.
Investigate and respond to compromised identities and insider threats.
Stop ransomware before it spreads.
Meet regulatory compliance mandates.
Detect and respond to zero-day exploits.
End misconfigurations and policy violations.
Defend third-party and supply chain risk.
Prevent disruption by outsourcing MDR.
Adopt a risk-based security approach.
Meet insurability requirements with MDR.
Protect your most sensitive data.
Build a proven security program.
Operationalize timely, accurate, and actionable cyber threat intelligence.
THE THREAT In recent weeks, eSentire’s Threat Response Unit (TRU) has traced numerous email account compromise cases to infrastructure hosted on several related hosting…
Dec 10, 2024THE THREATUpdate: Security patches to address this vulnerability were released by Cleo on December 12th. Organizations need to update to Cleo Harmony, VLTrader, and LexiCom versions…
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 2000+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Multi-Signal MDR with 300+ technology integrations to support your existing investments.
24/7 SOC-as-a-Service with unlimited threat hunting and incident handling.
Three MDR package tiers are available based on per-user pricing and level of risk tolerance.
The latest security advisories, blogs, reports, industry publications and webinars published by TRU.
Compare eSentire to other Managed Detection and Response vendors to see how we stack up against the competition.
See why 2000+ organizations globally have chosen eSentire for their MDR Solution.
This blog was created from a live webinar presented in conjunction with ILTA on 4/28/20. Access the webinar on-demand here.
The likelihood of a data breach that could put you in the headlines grows as cybercriminals test traditional defenses, often using legitimate credentials and fileless attacks as highlighted in the eSentire Annual Threat Intelligence Report: 2019 Perspectives and 2020 Predictions. Unfortunately, many organizations don’t see themselves as targets and are thus unprepared for the challenges and public storm when crises occur.
Exploring headlines from past crises of all types is a good way to learn how to build a crisis communications framework. Not to admonish the publicly scrutinized and sometimes condemned spokesperson or their companies, but to learn from missteps and find an alternate course to avoid negative backlash.
Perhaps the most memorable event is also one of the most tragic. On April 20, 2010, while completing testing of a well cap, massive explosions crippled the Deepwater Horizon drilling rig just off the coast of Louisiana. Most of the 126 people aboard were rescued, but sadly, 11 crew members were lost. British petroleum giant (BP) had commissioned Transocean to conduct the exploratory drilling. Over several months, 210 million gallons of oil spilled into the Gulf of Mexico as attempts to cap the well failed. The resulting environmental disaster destroyed Louisiana wildlife, wetlands and the economy. As of 2018, BP had paid an estimated $65 billion in clean-up, law suits, fines and other losses.
On May 31, 2010, then BP CEO Tony Hayward arrived to personally oversee operations to stem the leaking oil. During a CNN interview, Hayward said, “We are sorry for the massive disruption this has caused ... There is no one who wants this thing over more than I do. You know, I’d like my life back.” In the blink of an eye, he made personal statements that eclipsed the loss of life and regional environmental and economic disaster. To make matters worse, he was filmed sailing with his son in a yacht race. The resulting furor led to his termination and sank BP into further public perception trouble..
This apparent apathy serves as a warning to those representing their company in a time of crisis. It’s what I term the three Ds of poor crisis communications: defend, deflect and deny. None of these play well with the media, investors and customers. When communicating about a crisis, avoid the three Ds and be mindful of these 10 pieces of advice:
Remember the doctor who was dragged unconscious off a United Airlines flight 3411 in 2017? Then CEO Oscar Munoz issued a statement in which he referred to the incident as “re-accommodating the customers” and characterized the passenger as “disruptive and belligerent.” Of course, he was left holding the hot potato when video surfaced on social media showing the unconscious and bloody doctor being dragged down the airplane’s aisle. After sharp criticism, and a steep drop in stock value, the airline forced Munoz to publicly apologize and stripped him of a planned promotion to chairman.
Was Munoz misinformed and genuinely protecting his employees? Perhaps. A culture of truth and accountability is paramount. The point person becomes the public lightning rod of criticism. And it’s the job of the CEO to be informed. A captain might not be responsible for every action on the ship, but they are accountable.
We’ve seen two stories of what not to do. Now let’s look at the right way to plan and respond in a crisis. The first stage, like incident response or business continuity planning, is about being prepared, knowing roles and responsibilities and following the plan.
Your plan provides a framework by which you respond when a crisis occurs. It should contain:
Your crisis team is responsible for building the plan, training representatives, supporting internal and external communications, measuring response and adapting to coverage. First responders include the executive sponsor who acts as the decision-maker, PR leader, legal counsel and contracted crisis management firm. Once the alarm is pulled, other members join the extended team: internal, partner and customer communications, social media and website and human resources.
It’s critical that you train your spokesperson(s). Media interviews are stressful. Some journalists will use tactics to evoke headline comments and time as a pressure point. Often, a company will receive a media inquiry late in the day, looking for a comment on a story they are planning to run during the 6 p.m. news. It’s designed to put you on the defensive.
Two examples come to mind. In 2011, during an uproar over privacy and transfer of confidential data upon government request, then smartphone giant BlackBerry CEO, Mike Lazaridis, lost his cool during a BBC interview, repeatedly stating: “That’s just not fair,” when pressed on the security issue. He sidestepped responsibility, claiming “We’ve been singled out because we are so successful.” Minutes later he stated, “It’s over, the interview is over,” then walked out of the interview straight into headline news rather than a sleepy midday business segment.
And in this perfect example of hubris, then CEO of Sainsbury’s was caught singing “We’re in the money” before being interviewed by ITV news about the company’s impending acquisition by Asda. The multibillion-dollar deal was scuttled as a result of the interview that made the merger a topic of monopoly violations and forced the hand of the government to quash the merger.
Holding statements are basic responses to anticipated scenarios:
We are aware that confidential information has been made public by one of our employees, and we have enacted robust response protocols and have launched a thorough investigation. We are moving as quickly as possible, with the understanding that these investigations are complex, dynamic and require time to conduct properly.
At this time what we do know is <describe situation in appropriate level of detail>.
We can confirm that we are working with those involved and the appropriate authorities have been notified. The actions by this/these individual(s) is incredibly disappointing and is not reflective of the values and beliefs that are held to the highest standard by the other employees of the organization. We do not condone this type of activity and will be taking severe measures including termination for those who were involved. We deeply regret this incident.
We are committed to ensuring we get the correct details on the matter and will continue to communicate appropriately when we have what we believe is credible and actionable information.
As stakeholders, your employees have a right to know what’s going on. More importantly, they need to understand their role and the limits of their position. It’s critical that they know how they must avoid heroics, grandstanding or even acting with what they think are good, but ill-informed, intention. Loyalty can be dangerous when not checked, especially considering a reporter could approach employees in the parking lot in an attempt to elicit a comment.
During the Equifax breach, CEO Rick Smith said in a video statement: “Equifax will not be defined by this incident, but rather by how we respond.” The next day, a support center employee posted on Twitter “Happy Friday! You’ve got Stevie ready and willing to help with your customer service needs today!” Responses were, of course negative, including one unhappy customer who reportedly replied: “Stevie, can you help repair my life your company just ruined?”
Time is critical in crisis. Telling your story first sets the tone and establishes a baseline of facts. In 2009, a musician immortalized his experience on a United Airlines flight from Halifax to Chicago in YouTube music video. While on a layover in Nebraska, passengers witnessed baggage handlers throwing guitars. Upon arrival he discovered that his $3,500 Taylor guitar was smashed. He filed a claim which the airline deemed ineligible for compensation. The musician later wrote a book on the subject and United Airlines' stock price fell 10 percent, costing stockholders about $180 million. (read the full story)
Turning to breach-related crises, it’s about building trust (or rebuilding it). Consider Equifax CEO Rick Smith’s statement that the firm would be “defined by its response.” Well, its response was to publish a website on which customers had to file a claim by entering confidential information that Equifax had already mishandled! Brian Krebs, a leading cybersecurity journalist responded, “I cannot recall a previous data breach in which the breached company’s public outreach and response has been so haphazard and ill-conceived.”
More recently, Uber was exposed for an attempted payment to keep criminals from exposing a massive data breach. It’s one thing to forgive the initial hack. On some level, the company was a victim, too. But paying to cover it up is another thing. They even went as far as demanding the hackers signed nondisclosure agreements … I’m speechless!
And in 2020, Travelex camouflaged a system-wide outage as a “scheduled maintenance,” later admitting that the event was the result of a massive ransomware attack, ignoring the age-old wisdom that “honesty is always the best policy.”
This one is straightforward. If you manage protected data or operate in a regulated industry, then follow the rules about breach notification. This also applies to state and other privacy laws like GDPR.
You should monitor coverage and adapt to public responses; don’t bury your head in the sand. This includes mainstream and social media to assess tone and provide a response that protects your reputation. Remember, you don’t have to respond to every post.
Like any plan, things often change as soon as a crisis occurs. People panic or take matters into their own hands. It’s imperative that you review performance and determine ways to improve. The reality is that the first time won’t be the last time you face a crisis.
Ironically, Equifax CEO Rick Smith had it right in one regard. A good crisis management plan and response will help ensure that your firm is not defined by the crisis but rather how you respond.
eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks. For more information, visit: www.esentire.com and follow @eSentire.