Code Red

Security PR Network

PR Blogs

The Need for Speed (With Breaking News)

By

By: Kirsten Scott, Account Director at éclat Marketing

breaking-newsResponding to breaking news can be a successful tactic for positioning spokespeople as experts in their field. Monitoring the day’s breaking news is an important part of the daily PR agenda, which means that having processes and strategies in place for swift response, when needed, is vital. It can also help in relationship building if a spokesperson can become a trusted source of quick comment.

When news breaks, journalists are looking for experts that can explain the situation clearly, add value to the story and give insights on its wider implications and context. Think about the major cyber security stories that have broken recently, from the leak of the Panama Papers to the FBI / Apple encryption debate; clear, reasoned and informed comment from industry experts and commentators helps to build a fully rounded story on what can be complex and sensitive issues. So what are the key components for getting a rapid response process in place?

Availability of Spokespeople
The starting point is to have designated spokespeople in place, that can be ready to respond to news stories. If there are different experts that are better suited to commenting on specific types of stories, compile a list of these against their specialist areas with contact information to avoid rushing around trying to locate the best spokesperson when a news story breaks. Are they able to speak directly to a journalist if needed? If so, and it’s a rapidly developing news story, then prepare them with as much information by researching and gathering all the facts in hand.

Timing is all
The golden rule for rapid response to breaking news is worth underlining here. If a story breaks and a journalist requires quick comment on a story, then act promptly. Otherwise, they will have filed the story and moved on. Journalists need comment sent to them swiftly and certainly well in time for any stated deadlines.

Concise
If you’re submitting written comment, this is not the time for extensive analysis on the story. Most featured comment in a news story will be a couple of paragraphs at most. So keep is simple, crisp and concise. It’s also not the time for reiterating what everyone else has already said on a story. Think about what new insights can be offered; the journalist is looking for additional information, opinion or insights that will add value to the story rather than ‘vanilla’ statements which don’t. Consider also if you have any facts or supporting data from your organisation’s own reports that could be used to add value to the story.

Is it better to wait or not comment?
Take each story on its merits and consider the implications of weighing in on a particular issue. Understand and discuss with the PR team which types of stories you would be willing to comment on, and which you won’t. Consider the wider context, for instance, are there business objectives that need to be considered before offering comment on a specific story? Breaking news requires quick response, however it’s worth bearing in mind that some big stories will have a longer ‘life’ and can evolve as more facts come to light. In some cases it might be prudent to wait until more facts are known before offering comment.

Rapid response is a team effort that can pay dividends if it’s done well. PRs need to work closely with their clients and spokespeople to ensure that all sides have a good understanding of what’s involved and how to respond in the best way.

How Some Security Stories Make Hyped Up Headlines and Others Don’t

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Michelle Schafer, Vice President at Merritt Group

After being in cybersecurity marketing and PR for 13 years, I’ve seen a bit of a “hype cycle” during my career in how the media cover certain security trends, technologies and threats. These days, it’s less about actual security products and technologies that solve the threats, but more about the latest nation state threat or attribution report that reveals a new cybercrime gang dishing up advanced malware in Russia or China. From Operation Aurora to Heartbleed to POODLE to Carbanak Gang (and everything in between), I feel like I’ve seen it all. But are those hyped up threats and news headlines really helping security pros do their jobs any better? 

This Summer, I teamed up with Tim Wilson, the Editor of DarkReading, to give a talk at RVASec, Richmond, Virginia’s top security show, to explore this very question. Our presentation, The Changing Mind of the Security Pro — How Hype and Media Shape Infosec Priorities was well attended — it’s actually the second time we’ve presented at this show on this topic so I’m guessing they like us! 🙂 

The premise of our talk is that it’s very difficult for security professionals today to have clear priorities when there’s a storm of news reports, vulnerability disclosures and other hyped up security threats in the media. It becomes a bit chaotic and confusing at times, when threats are so often over-hyped in our industry. It begs the question: do security professionals lose sight of what is most important to do their jobs effectively? Are they patching a critical Windows vulnerability or worrying about APT28 (aka Fancy Bear)? 

We kicked off our talk exploring a Black Hat survey of 250 of infosec pros that laid out the top concerns of security pros, which topics they felt were overhyped and underhyped and sources where they thrust to get good information. The findings reported that the top concerns included: 

  • Phishing/social engineering 46%
  • Sophisticated and targeted attacks 43%
  • Vulnerabilities introduced by internally-developed apps 20%
  • Data theft/sabotage by malicious insiders 16%
  • Espionage/surveillance by foreign governments 15%
  • Polymorphic malware 15%
  • Accidental data leaks 15%
  • Ransomware 13%

And when asked which issues they felt were overhyped, they responded:  

  • Government surveillance 36%
  • Espionage by foreign governments 26%
  • Hacktivists 24%
  • Ransomware 23%
  • Internet of Things security 21%
  • Sophisticated and targeted attacks 20%
  • Phishing/social engineering 11%
  • Mobile threats 10%

And finally, when asked which issues were under-hyped and needed more attention, they responded: 

  • Accidental data leaks 23%
  • Phishing/social engineering 19%
  • Government surveillance 17%
  • Vulnerabilities in off-the-shelf apps 17%
  • Internet of Things security 17%
  • Vulnerabilities in in-house developed apps 16%
  • Espionage/surveillance by foreign governments 15%
  • Sophisticated and targeted attacks 10%

Note that phishing/social engineering and sophisticated/targeted attacks were listed in all three categories: they are top concerns that are overhyped and under-hyped. Clearly, it’s a bit confusing! Ransomware is also another topic that made major headlines this year, which explains why some think it is an overhyped topic. 

The survey also asked the respondents about their primary sources for the most reliable information. They said they mainly get information from security blogs (71%), IT news media (70%), conferences (68%), colleagues (56%), vulnerability sites like US CERT (51%), social media (49%), Google/search engines (47%), professional associations (39%) and mainstream media (19%). 

Looking at the data and how the media has covered the threat landscape over the years, the big takeaways included: 

  • What’s in the media doesn’t always match the security pro’s priorities; the media focuses on the new and the “info sexy”; 
  • The “most reliable” data sources overhype some things and under-hype others; and 
  • The “most reliable” sources can be influenced by many factors.

But let’s face it, hype equals widely read news headlines and that just means PR pros and journalists are only doing their jobs. At the end of the day, it’s really up to the security pros to determine their own priorities to get their jobs done – and really try not get distracted by all the crazy noise out there! 

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Cybersecurity: the key factor for successful digital transformation

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Laëtitia Berché, Owner, Cymbioz

cybersecurityCybersecurity is often perceived as merely a response to operational risks. In reality, it’s much more than that – it is a crucial part of preventing systematic risk, because without cybersecurity the future of a business which cannot fully and safely execute its digital transformation is in danger.

People usually talk about risk when approaching the subject of cybersecurity. Risk is often also the first argument put forward when defending the security budget: “If we do nothing we risk…”

But what do we risk, exactly?
The standard response here is often very straight-forward: a data breach, a production delay, losing several days’ work while restoring systems, or no longer being able to send clients an invoice at the end of the month.

Presenting the risk in this way is to essentially label it as ‘operational’. While this is an important point, we should not link cybersecurity to just the everyday operations of a business. Instead, we should focus on something more worrying: the ‘systematic’ risk. This is the key concern that should be used to highlight the importance of cybersecurity.

For economists, systematic risk is something that relies on the financial system of an organisation, but not on certain markets or economies in particular. According to the BCE (European Central Bank), it is a risk capable “of negatively impacting the growth and well-being of individuals”.

When applied to a business, systematic risk is therefore something that has the potential to impact negatively on the company’s growth, its capacity to remain stable or alter its position in the market. Even if organisations feel that innovation is crucial, many of them will delay digital transformation and innovation projects because the risks associated with cyberattacks are judged to be too great.

Conversely, a business would be affected by systematic risk if it ignored digital transformation, as today this is a key differentiator in many different industry sectors.

Cybersecurity should be a fundamental element in a company’s digital strategy
Digital transformation has demanded that businesses reinvent themselves and take account of innovative data control practises (for example Open Data, Big Data and collaborative data) while responding to new business requirements. The importance and degree of digital transformation varies according to the industry a business operates in, but ignoring such a huge global movement would surely be a huge risk for any organisation.

Businesses incapable of undertaking such a transformation could find themselves easily replaced by more digital competitors, and could lose their precedence and position as an industry expert. This is particularly true of the retail industry where shops and big brands can no longer ignore the benefits of digitisation; technology allows them to offer a personalised online and connected service, based on a deepened understanding of clients to improve their loyalty or assure optimal stock management.

However, to make this technological transformation happen, it is necessary for businesses to have a strong and solid digital foundation. Without effective practises, tools and processes dedicated to cybersecurity, initiatives based on digitalisation could make an organisation more fragile, and leave them exposed to avoidable operational damage (data breaches, regulatory or legal problems). It is precisely this which contributes to the systematic risk of technological advancement: by ignoring the threat of cybercrime because they are scared, and because they don’t have a solid digital foundation, organisations risk setting themselves up to fail.

The true ‘business case’ for cybersecurity lies in its ability to help organisations prosper and grow in the age of digital transformation. The right cybersecurity solution can allow a business to undertake a technological transformation as smoothly as possible, while making sure the company does not lose its position as a market leader and ensuring it is not overtaken by more naturally agile and digitised competitors.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Israel – A Cyber Security Powerhouse of Biblical Proportions

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Dianne Canham, Managing Director at Code Red UK

israelThere’s so much to love about Israel, the awe-inspiring history of Jerusalem, the hubbub of Tel Aviv, the welcoming people, to name but a few. And, having returned from my first trip there in a few years, to present at a seminar organised by our Code Red agency in Israel on “How to Launch a Cyber Security Company in Europe”, it felt a bit like taking coals to Newcastle. There’s probably no other country on the planet that’s so in touch with the concept of “Going Global”.

Yet what struck me once again as it had on previous visits, was the sheer work ethic and entrepreneurial spirit of the people. The cyber security industry is not only “alive and kicking” in Israel, it is positively doing summersaults; due in no small part to the role of the elite military Israeli Defence Forces, like Unit 82000, which is unquestionably at the heart of the cyber start up community. It’s little wonder that cyber security exports from Israel are second only in size to the US, which – when you consider the size of Israel a country of just 8.5 million inhabitants – is an astonishing achievement. There is today around 430 cyber security start-ups, generating exports of more than $60 billion – suffice to say who was I to teach them anything!

Given the very limited appeal of the home market, the desire to export is in the very DNA of the people and the march of exports to the USA is pursued with an almost messianic zeal. What’s also immediately apparent, is the integral role of VCs and universities like Ben- Gurion University in developing and nurturing the skills needed to create cyber security global giants like Check Point and the more recent IPO success of Cyber Ark. Today, many ex Check Point alumni are at the helm of a new generation of disruptive security companies like Illusive Networks and SentinelOne (full disclosure we do the PR for SentinelOne) and – judging by the latest line up of Gartner’s Security Cool Vendors – there are many more cyber successes waiting in the wings. The one thing you notice about the Israeli people is their connectedness. Everyone knows everybody else, which means that if you do a great job for one then everyone gets to hear about it. Conversely of course the same is true!

It’s also interesting to observe that, whilst the home market holds limited potential from a sales standpoint, the intense battle to attract and retain the brightest minds in the cyber security firmament is feeding the local demand for PR services. Whilst it’s clear too that the VC funds in Israel are following their US peers in reducing the numbers of investments, there is little doubt in my mind that we will continue to see mindboggling innovation from this land of cyber security promise for many years to come.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

A new level of threats requires new paths in IT security PR

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Dorothea Keck, Weissenbach PR

public-relationsCyber threats are almost as old as the idea of the modern computer. The first viruses had been developed and spread via floppy disks in the early ’80s. In 1988, the first Virus Construction Kit came into existence and enabled even beginners to assemble viruses with specific properties. The commercialization of the Internet and the rapid dissemination of internet connections in the 1990s paved the way for further success of hackers, crackers, viruses, worms, etc.

Now, in the 21st century, cybercrime has reached its preliminary peak: The growing proliferation of mobile computing and the increasing digitization hold significant challenges for IT security and offer to hackers a myriad of points of attack. Spam and phishing mails as well as sophisticated malware have turned into a profitable business model which causes multi-billion losses every year. The fact, that the internet has found its way into sensitive industries such as finance and healthcare reinforces the hacker´s militancy, as online banking, mobile payment apps or connected medical devices open the floodgates to profitable manipulations and data theft. In the dark web stolen credit card data or patient information are sold at premium prices. Especially highly targeted attacks against companies have increased enormously over the last years. Besides DDoS attacks, blackmailing and sabotage, particularly industrial espionage plays an important role – thanks to industry 4.0 and the ideas of the smart factory.

Growing requirements on IT security

The IT ecosystem has changed enormously in the last years and will continue to evolve rapidly in future. Thinking of all the headlines around attacks of the last months, it becomes clear that maintaining IT security is nowadays much more difficult than some years ago. In a connected world, where every year hundreds of thousands of new smartphones are sold and just as many new apps are released, we are inevitably faced with an ever-increasing number of vulnerabilities that lead to security leakage somehow.

This makes it all the more important for companies to develop a flexible security concept which identifies all critical risks and covers all vulnerabilities. Traditional security tools against traditional threats remain indispensible, but need to be supplemented by new innovative methods of defense. Today, IT security comprises many forms: From anti-virus software and anti-spy tools to firewalls, network security solutions, Mobile Device Management (MDM), cryptography, obfuscation and innovative application hardening technologies. Companies finally have to realize this instead of continuing to rely on proven but no longer sufficient methods.

How security PR can help

Besides the lack of resources and budgets, the main reason why companies still neglect their IT security is their ignorance of potential threats and available protection technologies. Today, security companies face the challenge of positioning themselves in in the jungle of various providers and approaches, differentiating from their supposed competitors and emphasizing their unique selling points. For them, target-oriented public relation has become more important than ever.

As a PR agency that has been working with IT security providers for many years now, we are fully aware of this challenge and well prepared to meet it.  Here, public relations mean, first of all, educational work: Where are these risks? Which attack scenarios are possible? How can our customer´s solution minimize or eliminate the threats? Compared to the earlier times, the need of an explanation regarding IT security has increased. While the intent and purpose of traditional methods like anti-spam tools or virus scanners are even understood by laymen, this is no longer the case with innovative technologies like application runtime self-protection for example. In many cases it is necessary to explain the problem (threats, vulnerabilities) first, before starting with the actual product presentations.

For us, as the supporting agency, this means to first identify the right target media that are relevant for our clients and then to adequately communicate their content (through press releases, professional articles, breaking news comments, interviews or via social media). It is of major importance that technically sophisticated scenarios are presented in an understandable and comprehensible manner.

Strategic public relations can help IT security providers significantly sharpen awareness of cyber risks, show industry competence, create an extensive and continuous market visibility and finally convince their customers.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

5 tips for picking the right International PR Partner

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Kim Smith, Account Director at éclat Marketing

pr-partnerNow that spring is looming, how are your New Year’s resolutions holding up? With the earth renewing, perhaps spring is a better time to take a fresh look at what you doing, anyway. That is definitely the vibe we are getting here at éclat and CodeRed from our clients, many of whom are looking to expand into new territories in this year due to business growth and are looking for a PR agency in those regions. Therefore, we would like to share 5 tips to take into account when it comes to picking an international PR partner.

1. Are they specialists in my field?
Each PR agency will have a certain area of the market that they specialise in. This can range from B2C, FinTech, Investors, B2B technology – you name it and someone will specialise in it. So it is key to know what audience you are looking to target with your campaigns and messaging. There is no point in hiring an agency that specialises in the consumer sector if you are trying to reach a government audience. Here at éclat, and with our PR network CodeRed, we specialise in Cyber Security PR and pride ourselves in knowing the market inside-out and back-to-front. Make sure that the agencies you are looking at have a proven track record in your market, can demonstrate client references and a strong knowledge of the issues that are making headlines in the media.

2. Do they have the geographical reach you are looking for?
When you are investing into expanding your PR program into unchartered territories, you need to be confident that they can reach your target audience. We’ve had conversations in the past with companies that have said that they want to expand into the DACH region, or the Nordics, or even more broadly Eastern Europe. However, in reality it isn’t quite as simple as that. Under each region you will find numerous different countries, all with their own journalists, different issues making the headlines as well as speaking different languages and dialects. Take Africa as an example; are you only interested in the English speaking media or do you want to reach the French speaking as well? If so, does the agency have the capabilities to translate the materials and communicate with the journalists? Therefore check to make sure that they can cover all the different countries and localise the materials as necessary. By localising the content it increases the chance of media pick-up and demonstrates that you are committed to the region.

3. Co-ordination between agencies or repeat yourself like a parrot?
No-one likes to repeat themselves and if you are working with a number of different PR agencies then you can often find yourself saying the same thing over and over again. Combine this with the challenge of time differences and, for those companies headquartered in the US and working with EMEA-based agencies, it could be seen to be a management headache. Therefore it is worth looking into whether the PR agencies are a part of a network and, if so, you can appoint one as the ‘Lead Agency’ who can do all of the heavy lifting for you. They can be the ones to receive a brief from the client and then feedback to the other partners, plus share content, collateral and campaign ideas to ensure that there is a consistent message across all of the PR communications. You can also then rest assured that the agencies are capable of working alongside each other and will complement what the others are doing as it is likely that they will have a history of working for joint clients in this way.

4. Can they offer additional services to add value to your business?
If you are launching PR into a new region then we have often found that the company could also benefit from additional marketing services to support the activity further. Usually the company will have a sales person in the region and they are relying on assistance from HQ. As we have touched on before, localisation is key and having someone on-hand to provide guidance, advice and structure can be immensely valuable to the business operations in the region. It is therefore worthwhile to ask if the PR agency can offer supplementary services and consultancy to help get the business up and running. This could range from event support, website design and content creation, drafting whitepapers or blogs for the website, through to preparing a full marketing strategy to drive lead generation. If you don’t ask, you don’t get!

5. Can they guarantee an ROI?
You want to be able to show that you got results from your investment, particularly if you need to justify your marketing spend to a board of directors or investors. Therefore it is worth understanding not only how the PR agency operates, for example are they proactive or just reactive, but also whether they can really deliver what they promise. The subject of demonstrating ROI has long been a subject for debate. Do you base it on Advertising Value Equivalent? Readership? How many hours the team spent on your account? At éclat, we adopt a shared risk-reward approach. This ensures at the end of the quarter you have tangible results that you can share throughout the company. Our Payment-By-Results (PBR) approach links a part of our remuneration to achieving pre-agreed targets for the quarter. This can range from setting up a certain number of media or analyst briefings, media coverage in tier one publications, byline placements through the increasing social media activity by X%. Our clients love this methodology as it not only forces them to think about what they want to achieve in the quarter but also guarantees them something demonstrable at the end. There is no point in investing in PR if you can’t show the value of the investment – so make sure you get the bang for your buck.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Talk of the town in Sweden

By

[et_pb_section admin_label=”section”][et_pb_row admin_label=”row”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” use_border_color=”off” border_color=”#ffffff” border_style=”solid”]

By: Susan Rose, Account Director at Susan Rose Communication

cybersecuritySomething huge happened in Sweden on March 19 2016 – the two biggest media houses were attacked in a DDoS-attack timed to coincide with “Earth Hour”, the hour when we’re all encouraged to turn off our lights for an hour to show we care about saving the planet. In a split-second everyone was talking about security.

The attack was the most well-coordinated and sophisticated DDoS-attack ever seen in Sweden. Since then the news agenda has been focused on IT-security and how vulnerable businesses are to attacks. From being an issue for C-level executives, security is now discussed around the breakfast tables in Swedish homes. IT-security has become one of the hottest subjects in the Nordics and the incident is considered very serious and damaging for Swedish society.

Swedish authorities, all the way up to the Prime minister are concerned about the attack, which seemingly is the most powerful of its kind in Swedish history. The media discussion very quickly moved from hosting companies at risk, to questions angled towards the consequences that this defencelessness may have on security in society itself. The DDoS-attack confirms that cyber attacks are continuously increasing and that many companies out there are not prepared to deal with severe incidents.

Want to know more about how to communicate IT-security during what could have been a really stormy media crisis? Contact susan@susanrose.se

Some of the many, many articles written about the attacks: http://www.nyteknik.se/digitalisering/medie-attackerna-anses-systemhotande-6537667

Talk ””Christmas tree attack” made Swedish mediahouses shut down this weekend” http://www.idg.se/2.1085/1.653844/julgransattack-ddos-mediesajter

”Enterprises afflicted by what seems likely to be the biggest co-ordinated attack in Sweden this far” http://www.dn.se/nyheter/sverige/flera-foretag-drabbade-av-storsta-attacken-hittills/

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]