Free Essay

Cyber Attack

In:

Submitted By dorrellx
Words 1827
Pages 8
Abstract
Failing to communicate and collaborate in crisis or emergency situation will undoubtedly increase the vulnerability of an organization toward potential crisis. This paper highlights the significance of effective communication and collaboration at different levels in the event of or during a crisis. This is a case of a cyberattack against Sony Pictures Entertainment once on December 3, 2014 and another attach on December 8, 2014 was considered for the purpose of this research. These cyberattack shows how techniques are not just a strategic weapon to bring down societies or to terrorize societies. But it shows that attackers are getting increasingly comfortable with using cyberattacks and can quite easily gain access to consumer personal information, business information, and employee information and can bring a company to its knees. The recent attacks not only on Sony but also Home Depot, Target and others are raising concerns. What needs to be done? The attacks are becoming more frequent, more invasive and the attackers are being bold. Should there be collaboration between businesses to combat the rising issues? Will this change the way that others businesses work together? What role does the government have in protecting citizens and their right to privacy especially from foreign attackers? These issues are significant as they underline the element of crisis communication and collaboration.
Introduction
In the face of increasing business demands for the bottom line, growth, stock prices, and global economic pressures, businesses today have a lot to worry about. According to Ihab Hanna Salman Sawalha (Jorunal of Business Continuity & Emergency Planning Vol 7 number 4), “Resilience is defined as: the ability of people, households, business, countries, and systems to mitigate, adapt to, and recover from shocks and stresses in a manner that reduces chronic vulnerability and facilitates inclusive growth”. As Jack Welch talks about in his week 5 video that when there is a human factor involved there will be mistakes. Crisis, arguably, are the results of a series of mistakes and uncalculated risk that happen on a single or multiple levels of a business. The loss can be devastating to the business, the employees and other stakeholders.
There was a large amount of confidential and proprietary Sony Pictures Entertainment data stolen by cyberattackers. The stolen information includes personnel information, business documents, and film. Due to the nature of this atrocity, it is my responsibility as the CEO to communicate this devastatingly delicate information to the stakeholders. Communications are also consistently problematic in times like these and my communication must be carefully evaluated, clear, candid and must cover all concerns as best as possible. This is not an easy task as people can tend to get excited and panic and the cost could be astronomical. However, there is no room for anything but candor. The situation is very bad. My communication strategy is as follows: (Based on Week 1 Communication Strategy)
I. Communication Strategy
1. What is the objective?
2. What communication style to use?
3. What is the credibility?
II. Audience
1. Who is the audience?
2. What do they know and expect?
3. What do they feel?
4. What will persuade them?
III. Message strategy
1. Harness the power of beginnings and endings.
2. Overcome the retention dip in the middle.
3. Organize your message.
4. Choose the design cascade.
IV. Channel choice strategy
1. Written channels
2. Oral-only channels
3. Blended channels
V. Culture strategy
Stakeholders
It’s not enough to formulate a plan for survival when a crisis comes. A company needs to communicate often and effectively on how it is executing that plan (Michael J. Epstein Communicating with Stakeholders in a Crisis).
The first step is to communicate proactively to limit surprises and build credibility and trust. Given the gravity of the affects that the cyberattack might have on the internal audience, I will address them and their concerns first. The internal audience consists of the employees and those who work to create value directly by pursuing the organization’s objectives. This requires involving employees in the communications effort. That is, to provide employees with a written or clearly spoken express portrait of the situation. Also, let them know that I have a plan and that they are part of it. If the employees feel that there are financial issues, have concerns over careers and benefits. It may hurt their ability to do their jobs effectively and efficiently. Next there is the affiliate audience, these are the many groups, organizations and individuals who are stakeholders, and who benefit from the success or suffer from the financial or reputational losses. When communicating with the affiliate audience you have to share the good news and the bad news and be completely and thoroughly candid. Rumors can be rife and even good news is subject to people being skeptical. That is why it is paramount that I be completely transparent and candid about the crisis. Confrontation of any negativity is important, and to let everyone know that I am dealing with the issues head-on at breakneck pace. Ultimately, the company belongs to all stakeholders and management must earn back the right to run the company for the shareholders. Finally there is the external audience; this is the world outside of the organization. They may hold an opinion of the organization on which the corporate reputation depends. In today’s world, consumers are driven to go to the organizations website when news breaks. Therefore, it is very important that the websites are updated immediately to include news and information about the crisis. Another avenue too is social media such as Facebook, twitter feeds, and others should also be updated. A good weapon in fighting reputational damages due to a crisis is loading the facts onto these social media locations.
Communicating effectively across all three of these audiences can be difficult because effective communication is when the listener receives the exact message that was intended. Everyone has filters based on personalities, experience and current mood. Therefore for effective communication it’s important to consider the behavioral style of the listener. According to the Everything DISC profile, there are four different behavioral styles based on the Everything DISC (Dominance, Influence, Steadiness, and Conscientiousness) communication styles. The DISC assessment is based on the work done by William Marston, lawyer, psychologist, and inventor (he actually created a critical component of the lie detector). DISC assessments analyze behavioral styles and provide a report that maps the individual results to one of the four main styles. Information about the DISC profile assessment can be found at http://www.onlinediscprofile.com/.
Therefore, when communicating to a group of people all the communication will have to cover a broad range of listeners. I also have to make sure that my DC style will not dominate the communication as well. The Dominance/Conscientiousness style (DC) of management (according to the Everything DiSC Management Profile evaluation) says that I pride myself in my ability to face challenges head-on. That is a good skill to have especially in a crisis situation. I expect competency from myself and the people that I manage. My profile says that I have little patience for people who waste time and have, and expect, very high standards. These are the skills that I plan to use in my communications process.
Board of Directors
It is important to act honorably and transparently, communicating an urgent sense of values and the benefit offered to employees, customers and other audiences by showing a level of responsiveness on all aspects of the crisis. I have an outline prepared for the Board of Director audience about how we plant to get back on track with the business. The presentation will include: What Happened What is the specific explanation as to what happened? Who, what, where when why.
• It has been determined that the attack came from North Korea but they are denying it.
• The attack came from malware that was introduced by an internal release from an attachment
• The malware allowed access to classified employee information, business information and film
• Employee and entertainer information was illegally obtained
• Video files were stolen
• The attempt to do damage by the intruder is what caused the alarms to trigger The Current Situation
What is the current status of the crisis?
• The intrusion was mitigated once the alarms were triggered.
• There is no more opportunity to do damage or for theft.
• There is an ongoing investigation that includes the US Government.
• At this time everything is back under control and business as usual.
• The attempt to do damage by the intruder is what caused the alarms to trigger
The next steps

• Effective immediately the CIO has resigned
• The current security team will report to me directly
• I have a meeting scheduled with a new third party security vendor for auditing purposes
• Auditing and intrusion detection testing will be part of the daily operations
• Results from the auditing and testing will be reported to me on a daily basis
• A new security policy is being written by a third party in conjunction with me

Values of the firm
1. Transparency: Sharing information freely and openly
2. Operating Practices: Includes ongoing training, a new mission statement and execution
3. Candor: Making sure that people know and understand where they are within the company.
Moving forward there will be policies put into place that requires complete transparency across all business areas. This effort will start with me as I will begin to have meetings with the leadership team to make sure that there is a clear understanding of the policy as well as the need for transparency for all. Our operating practices will include training, a new mission statement and candor at all times and cost. Finally, candor will be included down to the evaluation process being rewritten. All employees will be heard and are encouraged to be engaged and involved. We are officially moving into a new culture that will revolutionize the way we do business.

References
Communicating with Stakeholder in a Crisis by Michael J. Epstein (peer review).
Effective Business Writing and Speaking by Mary Munter.
Book Board Oversite Risk management Crisis response strategy by International Finance Corporation World Bank Group Chapter 3 Business Productivity by Shawn Johnson.
Crisis Management From Oh-God -No to Yes We're Fine JWMI 505. http://eds.a.ebscohost.com.libdatab.strayer.edu/eds/pdfviewer/pdfviewer?sid=71179952-c381-47e0-a9fd-d05281498123%40sessionmgr4003&vid=1&hid=4210 https://blackboard.strayer.edu/bbcswebdav/institution/JWMI/Welch%20Winning%20Chapters/Winning%20Chapters/chapter_10_Crisis_Management.pdf https://blackboard.strayer.edu/bbcswebdav/pid-14236938-dt-content-rid-98445471_4/institution/JWMI/505/Lecture%20PDF/JWI_505_W9_L1.pdf http://arstechnica.com/security/2014/11/sony-pictures-hackers-release-list-of-stolen-corporate-files/ http://www.businessproductivity.com/communicate-effectively-leveraging-disc-profiles/ http://www.maximumadvantage.com/four-styles-of-communication.html http://www.onlinediscprofile.com/ http://www.ifc.org/wps/wcm/connect/8cf68c004776874abf93ff752622ff02/CGVN-Navigating-Through-Crises-Manual-for-Boards-Eng.pdf?MOD=AJPERES
https://hbr.org/2011/01/the-big-idea-creating-shared-value

Similar Documents

Free Essay

Cyber Attack

...Cyber Attack University of Phoenix Martese, Daniel, Terrence and Joe May 13, 2012 Mr. Thomas A. Maricle Introduction Cyber-attack is an attempt to undermine or compromise the function of a computer-based system, or attempt to track the online movements of individuals without their permission. These types of attacks can be undetected to the user and/or network administrator. Prevention At the time of this article writing, 86% of all attacks were aimed at home users. This article is from 2006, most likely the percentage is higher now. The article states that the home user does not take control and utilize their home firewall or antivirus software. To this end, I agree because most of my users that I have helped never opened their firewall or even heard of anti-virus. The author makes note what the difference between a detection and prevention system is. Prevention systems automatically detect and block malicious network and application traffic, while allowing legitimate traffic to continue through to its destination. A detection system just detects and would rely on the prevention system to act on it. The prevention system is said to block bad malevolent code and cannot block good code at the same time, while allowing for protection of newer and more advanced types of security threats. The users should get to know what they...

Words: 496 - Pages: 2

Premium Essay

Cyber Attacks

...of “implants” in foreign computer systems — for surveillance and potential offensive action — run through thousands of pages of documents released by Edward J. Snowden, the former National Security Agency contractor. But the willingness of Adm. Michael S. Rogers to discuss purely offensive cyberweapons in his appearance before the Armed Services Committee comes at a moment when the Obama administration is reluctantly experimenting with how to discuss the subject in public, much as it gradually began to talk about drone strikes a few years ago. Admiral Rogers, who heads both the National Security Agency and its military cousin, United States Cyber Command, was answering questions about how the United States could deter attacks like the kind that struck Sony Pictures Entertainment. President Obama has said publicly that the attack originated in North Korea. When pressed, Admiral Rogers said that erecting ever-higher digital fences would never be enough, and that “we have got to broaden our capabilities to provide policy makers and operational commanders with a broader range of options. Because in the end, a purely defensive reactive strategy will be both late” and would become “incredibly resource-intense.” “So, I have been an advocate of, we also need to think about how can we increase our capacity on the offensive side here, to get to that point of deterrence.” In interviews as he...

Words: 591 - Pages: 3

Premium Essay

Cyber Attacks

...Cyber-attacks over the recent years have caused strong stirs among corporations and governments enough to warrant the needed attention to fight them. A recent and more damaging attack is the dual attack’s that hit the Bitcoin Virtual currency systems, a decentralized p2p network-based virtual currency that is traded into US dollars and other currencies. The mode of these attacks was a DDoS attack (distributed denial of service). A DDoS attack is an attack in which a multiple of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. It works by flooding a web server with bad traffic enough to either shut it down or stop users from performing specific functions online, like making payment or making good on a bill. The motive behind a cyber-attack is taken very seriously to determine whether it is coming from another government, a hacker or a criminal. The attack on the bitcoin virtual system is suspected to be profit motivated, a way for the attackers to cause panic in the exchange then take advantage of the falling prices. The website of Bitcoin, instawallet was forced to shut down after hackers gained access to its database. Instawallet was notoriously insecure as it used a URL password mechanism for protection. . Perpetrators of DDoS attacks are usually nit caught due to nature by which the attack is initiated. There are a number of ways to prevent a DDoS attack. Most institutions, to prevent DDoS attacks, are turning...

Words: 406 - Pages: 2

Premium Essay

Review of Cyber Attacks

...software download area with software for Windows, Linux, Mac OS X and Windows Mobile.” The paper under review today is titled “Targeted Cyber Attacks”, written by the site GFI.com and published as an eBook available at Help net Security. Targeted Cyber Attacks is an extensive, 25-page review of cyber attacks in a general sense, exposing the impact, extent of the problem, effectiveness of attacks, solutions and attack avoidance. It explains that the definition of a cyber attack is specifically when a company is attacked electronically for the purposes of gaining access to data or compromising functionality and causing denials of service. The paper starts off with a definition of those who are actually at thread for attack – EVERY organization. The paper’s position is that all organizations are vulnerable, whether they believe it or not, and that there is no target too large or too small that can be attacked. Visibility of the company, perception of the ease of attack, and hiding their vulnerability from the public all have nothing to do with whether or not an attack will take place. GFI explains how the actual extent of the problem is wide-ranged, consisting mainly of opportunistic (non-targeted) attacks such as Trojan horse programs, phishing scams, 419 scams, and mass-scanning for vulnerable services (which can transition to a targeted attack!). One test reported in the paper showed that an unprotected Windows-based system might be compromised by opportunistic...

Words: 1450 - Pages: 6

Free Essay

Living in the Age of Cyber Attacks and Cyber Warfare

...Living in the Age of Cyber Attacks and Cyber Warfare UMUC   If you asked the average person on the street about cybersecurity and cyber warfare, they would probably say they don’t know much about it other than the fact that it involves computers. In fact, for anyone outside of the cybersecurity industry, the closest thing to cyber warfare that they may have experienced was their viewing of the movie War Games, or the fourth installment of the Die Hard series, Live Free or Die Hard. While those movies had a profound impact on the lives of the characters in the script, the audience probably thought it was merely fiction, not fully based on fact. In Live Free or Die Hard, John McClain (played by the indefatigable Bruce Willis) is attempting to stop a domestic cyber-terrorist who is acting out on a vendetta against the United States. The cyber-terrorist is successful in launching an online attack to overload and destroy a power grid that left much of America’s East Coast in darkness. When I first saw this movie, I was curious if an attack like that was really possible; however, most people around me just labeled the movie as “Hollywood’s overactive imagination”. With cyber attacks literally having the ability to affect lives in a nanosecond, it is vital that everyone understand what cyber attacks entail, the impact of these cyber attacks on a domestic and international scale, and knowing what to expect in the future while living in a world dominated by virtual experiences...

Words: 2352 - Pages: 10

Free Essay

Recent Cyber-Attack and Mitigation Techniques

...Recent cyber-attack and mitigation techniques ISSC 361 American Public University System April 9, 2016 Computer-based attacks have been going on the around the world. Individuals or governments hacking into individuals or rival governments systems. Private corporations are hacking each other in the quest of power. They have been several recent computer-based attacks that every information security expert should be aware of. This short paper will discuss one of these recent attacks, which provoked a collective blackout, the Cyber-Attack Against Ukrainian Critical Infrastructure and present an overview of some mitigation techniques. The Cyber-Attack Against Ukrainian Critical Infrastructure was conducted using a malware called BlackEnergy. This attack targeted six Ukrainian energy organizations was perpetrated by attacker from outside the organizations. This attack has had effect on about 225000 customers of Ukrainian regional electric power distribution companies (Lee 2016). The intruders organized the attack by conducting a recognition of the network of the victim. The attacks took place with an interval of 30 minutes from each other affecting many central and regional installations (Vicinanzo 2016). The attackers, controlled the breakers from distance by using distance control administration tools already in place on the operating system or “distance industrial control system (ICS) client software through virtual private network (VPN)” after gaining rightful access to...

Words: 893 - Pages: 4

Free Essay

Cmgt441 Week 3 Cyber-Attacks Individual Paper

...Cyber-attacks are a major problem to businesses as well as home users, it is in every nook, and cranny in the world of computers and prevention is a major concern to all. Many websites have contracted viruses or denial of service attacks and some host malware. Unsuspecting visitors visit these sites and contracted the spyware, malware, or viruses to their own home computer. What can we do for this? Well, there are preventive measures that one can take companies or home users. To find preventive measures the user must first understand the hacker and how they work. The vulnerabilities of one’s network are those call weaknesses or holes, hackers love these and can scan a system for days trying to find them. It is the administrator or IT department to find these such holes and find a way to abolish them before they are inundated with the chaos the hackers bring forth. Agreeing with “HackingAlert” the prevention is more difficult and complex in real life (HackingAlert). A large threat and a near fatal threat is the malware, it is used to capture vital information from the user’s computer, such as logins and passwords. This type of information is used in high-risk areas such as banking information. It can be well hidden in applications like a PowerPoint presentation, email, instant messenger, or a Web Site may have it hidden or embedded in the site itself. This paper will discuss these measures in hopes to educate the user in open-minded scenarios. First thing to know is that there...

Words: 816 - Pages: 4

Free Essay

Cyber Attacks

...Cyber Attacks on the Government’s Transportation Grid Breaches and Security Implications by Penetration of the Western Interconnection’s  Traffic Control System and its Effects on Modern Day Life  Year after year, a number of films are released involving computer hacking of some sort along with cyber-villainy. As entertaining as they are, the validity of these possibilities is not explored. Many of these films center revolve around a chaotic vehicle-related scene where a form of the government’s transportation grid is compromised. The breach typically involves traffic control. As the stoplights and streetlights are in a state known as gridlock, external hackers usually make the situation as unruly as humanely plausible. However, the very nature of this unfortunate scenario can only be determined once the backgrounds of the systems that control it are thoroughly studied.  The contiguous United States is divided into three main alternating current power grids.  The Western Interconnected System, or Western Interconnection, is the one applicable to those  of us living in California. The electric utilities functioning in this region are tied together,  operating at 60Hz. While the grid is currently electrically powered, research by the National  Renewable Energy Laboratory (NREL) in Colorado indicates the Western Interconnection can  handle higher levels of renewable energy, in a quest to implement alternative energy sources. If  integrated correctly, the NREL have...

Words: 3038 - Pages: 13

Premium Essay

Cyber Attacks

...Cyber Security By Charles Jackson Strayer University Theories of Security Management CIS 502 Dr. Emmanuel Nyeanchi June 7, 2013 Table of Contents Abstract 2 NICE Strategic Plan 3 NICE Goal’s 3 Stockholders 4 NICE Outcome: 6 Professional Competency: 7 Conclusion: 7 References: 7 Abstract Cybersecurity has evolved with such quickness that it is challenging to capture all the moving parts. New threats to include old ones are being developed every day as do plans to defend against them. Electronic information is a critical part of our culture. It’s often said that electronic information created our way of life. No matter how far we’ve advanced with the age of new Technology, it remains a fact that cyberspace has a phenomenal impact on each of our lives. It’s extremely important for us to understand that we must have security in cyberspace just as we maintain security in our physical world. It’s very difficult...

Words: 1131 - Pages: 5

Free Essay

Cyber Attack Prevention

...Cyber-Attack Prevention As cyber-criminals become cleverer with the cybercrimes, more and more individuals are in danger of a cyber-attack. The threats become more intense and damaging as technology grows. Often times, home users think computing and surfing the Internet is safe when at home. It is a necessity to be aware of the prevention methods whether at home or at work. To further the comprehension of cyber-attack prevention, an article is chosen and an evaluation is the article. The evaluation of an article will include a stance on the quality of the material, selections of various aspects, descriptions of each aspect, reasons for an individual viewpoint, and an example. Article Summary Home users need to practice prevention methods when using the Internet at home. Cyber-criminals’ methods and targets have evolved (Damico, 2009). Several home users may not be aware that any connection to a network is networked activity and requires some measure of protection. According to the Damico (2009) article, a prevention system must identify and stop malicious attacks before they do damage and have a chance to infect a system. It is not only imperative to use prevention methods, but also it is imperative to understand prevention methods. Technology prevention methods will no longer be adequate to protect against the modern cyber-criminals of today. Material Quality The quality of the material is credible. The article is valid. The author uses more than one in-text citation...

Words: 722 - Pages: 3

Premium Essay

Cyber Attack Persuasive Essay

...is when a network is overloaded with hundreds of thousands of thousands of packets of information. That resulted in little or no internet usage for Georgia and even some websites were inaccessible. On February 1989, hackers were able to hack into the Pentagon and ruin millions of personal and pay records, inventory reports, parts lists and other documents from many different military services. These cyber attacks can impact millions of people and can be done from across the world. If done right a massive cyber attack can even have the power to destabilize large populated areas. (Yan L., Page 1) In the cyber world there are a few major threats to the United States for example countries like China, Russia, North Korea and Iran. As the world stands today it would not be wise for the United States and China to go to war because of how much both countries depend on each other from an economical standpoint. Although it is not impossible because China is not part of NATO, if China were to start cyber attacking the United States it would more than likely result in some type or counter attack by the United...

Words: 1053 - Pages: 5

Premium Essay

Target Cyber-Attack Summary

...In 2013, the cyber-attack against Target cost the company a great deal of money caused the company’s reputation to be damaged and customers worried about shopping at Target. This cyber-attack clearly showed how vulnerable Target’s information system was. It is important to secure information on any system, regardless if it is your personal system or a corporation’s system. The big issue with Target’s breach and other companies’ breaches is the fact that the people responsible for the cyber-attack received information on the company. However, even more importantly they received personal information on their customers including names, debit/credit card information, etc. “Security refers to the policies, procedures, and technical measures used...

Words: 649 - Pages: 3

Premium Essay

Target Cyber Security Attack Case

...1) Target is outstanding amongst other U.S. based retail chains, pulling in more than $73 billion yearly as displayed with cash related enlightenments from the alliance and serving a broad number of customers constantly. Despite how those figures are by and large vital for business, they moreover paint a target on the relationship's back for front line punks. Despite whether it's valuable data that can be sold on the black market, control access to budgetary records or other Target-guaranteed assets, there are particular purposes behind electronic guilty parties to ambush the retailer. Cyber security was not a need at Target. They comprehended it after the POS (Point of Sales) strike that it is a colossal issue that must be made in a flash, making nature ensured and secure. Spending check amidst the night, their surroundings was ensured and secure. Target discarded the malware in the find the opportunity to point, they were astoundingly certain that coming into Sunday guests could come to Target and shop with insistence and no risk, told. to appear to a more prominent degree a propelling record of the course of occasions instead of words beginning from...

Words: 1305 - Pages: 6

Premium Essay

Cyberwarfare

...netwar by the military. It includes hackers, listeners of communications systems, van Elckradiation115 listeners and so on. Cyberwar consists of information terrorism, semantic attack, simulation warfare and Gibson warfare. Typically Cyberwar is warfare, or hostile influence between attack- and defence programs in computers, computer networks and communication systems. For many, the term cyber war conjures up images of deadly, malicious programmes causing computer systems to freeze, weapon systems to fail, thwarting vaunted technological prowess for a bloodless conquest. This picture, in which cyber war is isolated from broader conflict, operates in an altogether different realm from traditional warfare and offers a bloodless alternative to the dangers and costs of modern warfare, is attractive but unrealistic. Such a scenario is not beyond the realm of possibility, but it is unlikely. Cyber warfare will almost certainly have very real physical consequences. Computer technology differs from other military assets, however, in that it is an integral component of all other assets in modern armies. From this perspective, it is the one critical component upon which many modern militaries depend, a dependence that is not lost on potential enemies. Countries around the world are developing and implementing cyber strategies designed to impact an enemy’s command and control structure,...

Words: 5055 - Pages: 21

Premium Essay

Cyber Security

...Cyber security is a critical and growing issue in the world today. President Obama said this issue is, "one of the most serious economic and national security threats our nation faces" (Cybersecurity). The United States is one of the most computer dependent societies and has the most computer dependent military and intelligence agencies. With more and, more of our country being ran by technology we are at a bigger risk of attack. A cyber attack could be the most devastating attack our country has ever faced. An attack on America’s cyber infrastructure could cripple the country and put us at an even greater risk of a normal attack. FBI Director said “Counterterrorism — stopping terrorist attacks — with the FBI is the present number one priority. But down the road, the cyber threat, which cuts across all FBI programs, will be the number one threat to the country” (Paganini). The message is clear the cyber security threat we are facing today is a dangerous and growing threat that has serious offensive potential and is often difficult to detect or prevent. An attack on a nation’s critical infrastructure can be devastating and when you add the fact that cyber attacks often do not make themselves know until it is to late could make for a devastating first strike prior to an invasion. Cyber security is defined as measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack. The term “cyber security threat” means...

Words: 2041 - Pages: 9