Archives for posts with tag: Security

Last Friday our clients’ comments were published in hundreds of different publications across the UK, US, France and Germany. Here is how we did it:

On Thursday morning reports started to surface that Yahoo was expected to announce a huge data breach so we notified our clients straight away and asked them to prepare comments on the information that was available so that we could jump on the story as soon as it broke. Our clients prepared comments and then it was just a waiting game.

Around 8pm on Thursday night the story broke: Yahoo had officially announced the breach. So we immediately told our clients and asked if they needed to update their comments given the new information. As many of them are based in the US, they were still at work so getting a quick response wasn’t difficult.

By 9pm we had issued the comments to national and security press. Minutes later, Al Jazeera asked for a television interview and we managed to get a client on air that same evening.

Before even getting into the office the next morning we were already getting interview requests from the likes of ITN and International Business Times UK, let’s just say it was a very busy day of rushing around trying to get clients to TV studios in ridiculously tight deadlines (it’s situations like this that a private jet would be useful). We also asked our teams in France and Germany to translate the comments and issue them out (these are regions where responding to news like this is not the norm).

The results were pretty incredible: the Press Association article syndicated across 447 publications, so the clients that were lucky enough to be mentioned in the article achieved a year’s worth of coverage in one day! Hits included the Daily Mail, Independent and Huffington Post. In France, Le Figaro (a big national newspaper) even covered the story and other hits included InformatiqueNews.fr and Speicherguide in Germany.

What was interesting was that the few clients who were not quick enough to give us comment on Thursday did not get much coverage at all, even though we had sent their comments out on Friday morning before 10am. This is likely to be because journalists were so saturated with comments that they only used the first batch they received and wanted to push their stories out as soon as possible. So it really paid off that we were prepared to work unsociable hours on Thursday night (although let’s hope this doesn’t start happening too often).

In November we gained a new client called CertiVox; a Shoreditch-based cyber security company with a big vision to change the whole structure of the internet. In what we thought would be a normal meeting to get to know our new client, we were left gobsmacked at the big ideas and goals that this start-up had. The CertiVox CEO told us that trust on the internet is broken but he has a solution to fix it, as simple as that. It didn’t take us long to realise that this would be a very exciting client to work with, they had clear goals in mind and they wanted our help to achieve them.

CertiVox wanted a makeover and rebranding to become MIRACL. Our job was to take this new name that no one had heard of before and turn it into a well-known and trusted company. As if this wasn’t a mammoth enough job, it had to be done in time for their next round of funding this February.

In the first few days of working with MIRACL, before we had even met them properly, M&S had some technical glitches. So we practically threw the MIRACL CEO into a cab to the ITV News film crew in London to discuss the breach on national television. Not a bad way to kick off work with a new client.

Once we had time to catch our breath after the excitement of ITV news, we sat down and came up with a PR strategy to match MIRACL’s ambitions. We decided on a timeline to issue press releases surrounding MIRACL’s partnerships and work with big companies such as NTT and Experian. What we found particularly interesting was that Experian had selected MIRACL’s M-Pin technology to provide secure authentication for the millions of UK citizens who use the Gov.Verify service to log into any government activity websites such as DVLA and HMRC.

This coincided nicely with the tax return deadline of January 31st which would require anyone filing their tax return online to login using the Gov.Verify service. So we came up with the idea to carry out a survey on scams around tax returns. We then turned this into two press releases which achieved 180 pieces of coverage in publications such as the Metro, Yahoo News and MSN.

While all this was happening, we were also looking out for news stories around certificate authorities on which MIRACL could comment so that their voice can be heard on the issue, and it certainly has been in publications like SC Magazine and TechCrunch. Of course we also provided comment opportunities on big news stories in the industry such as the recent report which found that “123456” was still the most popular password. This achieved 30 pieces of coverage including the Guardian, Mirror and Metro (again!).

There was also the recent HSBC Distributed Denial of Service (DDoS) attack; terrible publicity for HSBC but great exposure for MIRACL’s CEO whose comments were included in publications such as International Business Times and Computer Business Review. On the following Saturday we had a call from a small television channel you may have heard of called BBC, asking for someone to talk about the Lincolnshire county council ransomware incident. We managed to convince the reporter to send a cameraman to Brian’s house for some ‘on the ground’ reporting and before we knew it, MIRACL’s CEO was on the evening news.

With appearance in online and print publications, television and radio and over 300 pieces of coverage for MIRACL since we started work for them in November, I think it is fair to say we have got their name out there loud and clear for the next round of funding and we don’t plan on stopping any time soon.

You may or may not have heard the news last week that a Snapchat HR employee fell for a phishing email in which a cyber criminal impersonated Snapchat’s CEO asking for employee payroll information. Worryingly, the employee was unable to recognise that this was a scam and gave the criminals the payroll information of present and former employees.

As no customer details were disclosed we knew that this wouldn’t be a huge story, yet as Snapchat is one of the most popular and widespread apps on the market, it was a relatively safe bet to assume this would be written about. So we shared the story with our clients and Jonathan Sander, VP of Product Strategy at Lieberman Software came back with a great comment explaining that “the fact that Snapchat got snagged with this shows that being young, cool, and high tech doesn’t protect you from being a phishing target” and even millennials with their tech savviness will not be putting cybercriminals out of the phishing business.

Jonathan’s interesting comments achieved coverage in the Guardian, Computer Business Review, International Business Times and three other publications. Proofpoint also provided comments on the story which outlined just how sophisticated phishing attacks have become that even with training, people can still be fooled. These achieved coverage in Tech Week Europe and Information Security Buzz.

At Eskenzi we also get tens of phishing emails each day and we also received emails impersonating our CEO asking us to transfer money. Luckily, we were able to spot the scam; however, if we had fallen for it, it could have been detrimental to our agency. So while the Snapchat story resulted in good coverage for our clients, we urge businesses to provide appropriate and ongoing training on how to spot even the most sophisticated attempts and plead with everyone to be alert to suspicious emails.

So, week two of 2016 here at Eskenzi was most definitely no shrinking violet compared to last week’s phenomenal results!

This week, Microsoft released its final patches for Internet Explorer 8, 9 and 10 along with an “End of Life” notice, to encourage users to switch to Internet Explorer 11 and Microsoft Edge, currently only available on Windows 10.

These changes were originally announced back in August 2014, and it is estimated that these older, legacy browsers could account for more than 20% of web traffic. Computerworld reported that as many as 340 million Internet Explorer users are still using IE 8, 9 or 10! NetMarketShare estimates that Internet Explorer accounts for 57% of the browser market, compared with 25% for Chrome, 12% for Firefox and 5% for Apple’s Safari – That’s a lot of people using browsers that are now potentially unsafe, and can no longer be patched.

This means that Internet Explorer won’t receive any more security updates, or other patches. Those still using the browsers could be vulnerable to security threats and even hacks; depending on what other (if any) security software is installed.

A story of this type throws open the rapid response doors for Eskenzi clients, many of which had sound advice on what users, who still use Internet Explorer 8, 9 or 10, can do to ensure they stay protected, despite this news.

Four Eskenzi clients commented on this story – ESET, Tripwire, AppRiver and Bromium – and one from our sister agency, SmileOnFridays – Tenable, which resulted in over 250 pieces of coverage across National newspapers, business publications and trade press. The coverage obtained was truly global, with publications in the UK, United States, France, Germany, Kenya, Japan, Ghana and Argentina (and many more!) reporting on the news with commentary from our clients included.

Hits include the BBC, The Metro, Business Reporter (included with The Daily Telegraph), BT, SC Magazine, Dark Reading and Yahoo! News.

Several journalists reached out to Eskenzi for specific commentary, as we are so well known to those who report in the security and technology space, knowing they would get great quotes to use in their stories, as well as sound advice for businesses and consumers alike.

We’re lucky to work with so many amazing clients who can, at the drop of a hat, pull amazing quotes and advice out of the bag. I wonder what week three will deliver.


Just back from my hols and it’s heartening to see that whilst I’ve been away so many great movers and shakers in the IT security world have signed up to get involved in Security Serious Week in October. So many of the CISO community have already committed their time for free to offer seminars and webinars on a host of great subjects including Unilever, BT, Canon, Lloyds Bank, HSBC, GSK, Publicis Groupe, Markit, Willis and The Economist to name but a few! Our loyal analysts including Ovum, Quocirca and IDC are on board and yesterday I was delighted that the Department for Culture, Media and Sports have agreed to get stuck in with events during the week and rally other Government departments to do so too – way to go! The week should be incredibly insightful to any organisation wishing to become more security savvy!

So if you’re an IT security specialist or IT security organisation that wishes to impart your pearls of wisdom to other businesses to make them more Security Serious then why not organise a webinar or seminar. We’ll promote it for you on www.itsecurityguru.org and www.securityserious.com.

We’ve also got loads of companies participating in the press photocall at 12 noon on 26th October outside the Tower of London (find out more at www.securityserious.com) – where everyone will have a banner with their logo on it to show the world they’re “Taking Security Seriously”. By participating in the day not only will you be counted as a company that’s Security Serious but it’ll be a great networking event as we’re all going to meet in the pub after the photocall – CISOs, analysts, press, vendors and other IT security professionals. Hopefully, by getting together new contacts will be made and we can work together to make UK Plc a safer place to do trade Online! If you want to brainstorm how you can get involved then email me Yvonne@eskenzipr.com!

That’s a pretty far flung suggestion, but after my conversation with a “grey hacker” (that’s someone that works on the good side and also a little on the bad side) I’m not sure it’s so far-fetched. The truth is, I love talking to hackers. I think it’s becoming a bit of a “thing” of mine, all because I’m trying to get my clients and their “hacker mates” to write a short story book made up of fictional hacker tales – based on the semi-truth. So in my quest to get this book written, I’m interviewing lots of hackers to get their thrilling tales from the underground. Well you could knock me over with a feather with what I’m currently hearing – it’s the most exciting venture I’ve undertaken in a long while.

Only last week my grey hacker friend was telling me about a bloke he met down the pub who has a rather interesting way of boosting his yearly income to pay for his wife’s new car or their expensive annual holiday. He manipulates share prices in what could be dubbed rather brilliant.

This is how it goes. He’s a very proficient IT consultant, called into major organisations to sort out all sorts of IT security issues from fire-fighting to unravelling an IT project that’s gone wrong and needs sorting out. He always chooses one-year contracts, which gives him plenty of time to get familiar with the company and the company to get familiar with him. As an IT programmer, he has to get the back-door passwords or admin passwords which basically give him access to everything. He doesn’t use these for anything sinister at all for at least the year. He does a great job for the company and gets paid a fair price. Just before the company goes public with their profit announcements, he goes in through the back door and changes the figures. Of course no-one notices and the figures are very poor and surprise everyone – so of course the price drops. He buys a lot of stock but not so much that people notice he’s bought them, maybe just $50-$75k. Once the accountants have noticed that something has gone awry with the balance sheets, they re-issue the profit announcement and tell the world there was a terrible internal mistake and the price shoots up and he makes a very healthy profit.

That’s clever, obviously hugely illegal, immoral and very wrong – but you have to admire the guy and he’s never been caught because he doesn’t brag about it, isn’t greedy and leaves no trace behind him. I’m not saying this has happened in the case of Tesco’s – because when you read between the lines they look like they’ve just been pretty rubbish at “creative accounting” – but then my more paranoid brain says to me just imagine if there was a hacker that had screwed with their figures and now they’re having to make wonderful excuses to cover their tracks!

You see this book really is messing with my head – but I can’t wait to get all my contributions in from the hackers so you can read it and have your imagination run riot too!

The Mail on Sunday this past weekend saw an anonymous whistleblower hand a journalist a memory stick with the personal data of 2,000 Barclays customers, saying information on a further 25,000 was also available.

It has the security industry conflicted on where the responsibility ultimately lies, with many citing that Barclays be liable and pay large fines. However, others such as Dominique (DK) Karg, chief hacking officer for AlienVault, commend Barclays for not burying its head in the sand and actually thanking the Mail on Sunday for bringing the leak to its attention. He said:

“… it all comes down to organisations sharing this kind of intelligence openly so that others can learn from it. At this point, the damage to Barclays image is huge, but in this case, it is clearly the work of one or two people that had legitimate access to the data. What the authorities need to do is go for these guys and make an example of these malicious insiders.”

And I tend to agree. All Barclays can do now is go back and launch a full investigation and take the appropriate steps after the fact. I think the point is that people will always be the weakest link in an organisation’s security. Without a doubt, it is a slippery slope when we start losing the ability to make individuals accountable for their own actions – it’s all too easy to put blame squarely on an organisation.

– Beth

The golden rule is to produce lots of great content and be very focused about where you place that content.  However there’s a bit more to it than just producing great content – so in a series of blogs I’m going to share with you some golden rules on succeeding in PR.

Firstly – Why use a PR agency?

People employ the skills of a PR agency for many reasons.  In our industry it’s usually about building a brand, raising awareness for vendors from the US or Israel as they enter new markets or regions and want to create a buzz in the media.  Other companies are keen to raise their name to the top of the Google rankings and beat their competitors with publicity, or they could be preparing for an IPO or desire to be noticed by venture capitalists or potential trade buyers. Whatever the reason it always comes down to companies wanting to ensure that more people see them in the right media, so more people come knocking on their door.  I’d say that’s a good enough reason to employ a PR agency.

They say that editorial is worth 5 times more than advertising because people believe what they read whereas with advertising they know it’s contrived to make them buy the product or service.  However with PR the agenda is hidden as the editorial has been written by a journalist so it’s got to be true – hasn’t it?

The other reason why it’s worth employing a PR agency is that they can reap dividends for you and are much cheaper than using an advertising agency.  Often even the smallest of ads can amount to two or three thousand pounds.  If you take a retainer with a PR agency it may only cost £3,000-£7,000 a month but you could get 50 to 100 pieces of editorial which is incredibly valuable in increasing your brand awareness and building your market share.  I’d say if you have the budget a mix of both advertising and PR is the perfect combination.

A good PR agency that is specialised and experienced in your space can also add a great deal of industry insight and help with all sorts of management issues – many of our clients use us as a sounding board for many a creative idea. We’re often called into management meetings so that we can offer an objective point of view as we can see the company from the outsider’s perspective.

Also companies reach out to PR agencies because they just don’t have the man hours to do the PR themselves or they don’t have the contacts with the key press.  If you’re working with a specialist PR agency they are on the phone or emailing the key journalists every day and have a rapport with them, which is something that takes a very long time to build up and is worth its weight in gold if you’re trying to get decent coverage in tier one publications.

PR is time consuming and you need to be on the case all the time – in our business, stories are breaking throughout the day so you have to be following Twitter feeds and newswires constantly to make sure you’re not missing any opportunities – often PR is just one of the many functions of an in-house marketing department so the in-house PR person just doesn’t have the bandwidth to follow all the potential stories that a PR agency does.

If you do want to build your profile and you are a company that is on the up or even a company that’s on the down and needs to make sure they reverse that process a PR agency can help to build your profile and be noticed.  There’s nothing nicer than getting those Google alerts with your name mentioned in them or even better when your PR agency rings you to tell you you’re going to be on the BBC – it’s those days you reflect on and look forward to telling your kids or even grand-children about!

In my next blog I’ll be talking about how to go about choosing the right PR agency for you.

With less than six months now until the games come to town, it seems everyone and their mum is warning of the carnage it will bring.

Recently I received an email from Transport for London, telling me about its new website – ‘Get Ahead of the Games’, to help me avoid the inevitable travel hotspots from additional people in our great capital.

Then, today, I wake up to the news that the British Government has warned us all to ‘prepare for communications breakdowns’! I don’t remember that being mentioned when Dame Kelly Holmes was jumping around, while Coe and Beckham became embroiled in a manly hug! Perhaps we’d have been better off saying, thank you very much but in retrospect we’ll let our good friends the French have it.

Apparently, during the Beijing Olympics, there were 12 million “cyber security incidents” so it’s unlikely London won’t attract any. That said, we can take some reassurance that the Olympic Committee isn’t blindly hoping for the best.

We were treated to a display from our elite British security forces who, earlier this year, donned their waterproofs and took to the Thames in high speed boats to practice their strategy to evade a terror attack during the Olympics. Was it impressive – certainly, will it be enough – only time will tell.

There’s also a new guide, produced by London 2012 and the Cabinet Office, giving some useful information to help businesses not only prepare, but also take advantage, of the ‘largest sports event in the world’.

Don’t get me wrong, I’m not ‘anti’ the Olympics – in fact I’m auditioning in a few weeks to take part in either the opening or closing ceremony, but I do think that it’s not just fun and games in the various arenas we need to consider. Such a high profile event is going to put the businesses, and people, living in the UK in a number of spotlights and not all are going to be warm and fuzzy.

While Theresa May has said that the UK government has “robust plans” to deal with cyber attacks on London’s Olympic Games systems, with work underway to strengthen industry’s ability to defend against attacks, I don’t think I’d trust her to come round and lock my front door.

Take a few minutes to think about your security today, and whether you need to change anything for the summer, so you can relax and enjoy the games.

Every day we hear about another data breach, more and more it is becoming a common headline for personal data being lost by a company. Working in the security industry we use these stories as a way to educate the general public and other companies on how to secure their data, what tools to use and how to avoid becoming the next big breach or having your details in the wrong hands…but when will the public as a whole learn?

Sitting in a company meeting last week, we discussed all the different breaches that had happened over the year… as the breaches were mentioned it occurred to me that someone I know has probably lost their details in every one of those breaches… but do they know their details have been lost? Have they taken any actions?

Have they stopped using that website? My guess probably not.

Have they stopped using that bank account? Again probably not.

Have they proactively gone and changed all their passwords? Maybe for some – not all!

Being in the security industry, you become more aware of what is going on and inevitably more cautious. But as data breaches become more of a common daily occurrence, are people sitting up and taking action to protect themselves?

According to a survey by Symantec, 19 people fall victim to cybercrime every minute in the UK – this goes to show that no matter how many breaches there are, we as a nation are still failing to protect ourselves. Why is this? Is it not our job to protect our own data? Do we think the companies should be taking extra steps to look after our data and we cannot do anything? Or with the rise of social networks do we all believe that all our data is out there for all to see – so why protect it?

Maybe it’s because we do not see how a small piece of information such as our password or date of birth could be of such high value to a hacker who can then access our bank accounts and have a shopping spree at our own expense…