Recently, reports surfaced that the DoppelPaymer ransomware gang targeted Hyundai Motor America and its subsidiary Kia Motors America with ransomware attacks. The car makers’ data was allegedly hijacked and encrypted, and the companies were reportedly extorted for the equivalent of $20 million in bitcoin.
While Hyundai acknowledged they were experiencing some IT issues, they denied it was a cyber attack, despite news reports to the contrary and social media posts that claimed Kia employees confirmed the incident.
In a statement to BleepingComputer.com, Hyundai said, “At this time, we can confirm that we have no evidence of Hyundai Motor America’s involvement in a ‘ransomware’ attack.”
SecurityWeek.com also reported on the matter and stated that they “checked the website where the DoppelPaymer hackers leak data from victims and post proof that they breached the companies, but at the time of writing, there is no mention of Hyundai or Kia.”
What actually happened remains to be seen, but this story illustrates the importance of a communications strategy as part of your cyber incident response plan (you do have one of those, right?).
As cyber incidents become more common, ransomware is considered the Number 1 threat to businesses. Even so, 50% of information security professionals do not believe they are prepared for a ransomware attack, according to PurpleSec.
So, here are three things to consider as you forge your communications strategy as part of your cyber incident response plan.
Shaping the Narrative
No company wants to admit they were the victim of a data breach, much less one that is holding their entire network hostage, risking both their data and reputation.
While it remains to be seen if Hyundai/Kia was, in fact, the victim of a ransomware attack, news reports and social media posts that contradict the official company story indicate that the company was not taking steps right away to effectively communicate what was happening.
Of course, in the midst of a crisis, even the best communication plan can crumble. Here, it’s important to remember that there’s only one version of the truth and sticking to the facts of what happened will always serve your best interest.
Handling Internal Communications
Your employees are the face of your organization, but never more than in times of crisis. They should be some of the first people to receive information.
When you equip them with key talking points and messages to tell customers, friends, and family reaching out with questions about the cyber event (and give them guidance on where to direct media inquiries), you empower them and reassure them that the company has the situation under control.
Preparing for the Incident
Scribbling a media release on the back of an envelope with a Sharpie after your network has been hacked can go all kinds of wrong. Build a communication plan into your cyber incident response plan ahead of time.
As ransomware attacks become the No. 1 cybersecurity threat to businesses, nailing your communications during a crisis can put stakeholders at ease, knowing you’ve got it covered.