Crisis Communications and Incident Response in Cybersecurity, with Meredith Griffanti
05/01/23 • 34 min
Our guest in this month’s episode of the Cyber Insider is Meredith Griffanti, the Global Head of Cybersecurity & Data Privacy Communications at FTI Consulting. Ms. Griffanti has worked on some of the most high-profile and highly sensitive data breaches around the world and has successfully navigated responses to incidents such as business email compromise, phishing and spear phishing, DDoS, credential stuffing, nation-state, critical infrastructure and major, double-extortion ransomware attacks.
Ms. Griffanti shares her experience in navigating crisis communications, refining incident response plans and the lessons learned from some of the most high-profile breach incidents known. Our guest advises companies to think about what their worst enemy could do to them and to practice their plans more than once a year:
"So when we were thinking about responding to hundreds of media inquiries, there was no ultimate decision maker on things and eventually we got there. But those types of roles, responsibilities, escalation protocols and processes, those are the things you want to have down in your playbooks now, before an incident happens".
The conversation touches on the most common communications mistakes that companies make when facing a breach:
"We see companies prolong the news cycle by saying it was an outage and then moving to security incident, then moving to cyber attack, then ultimately ripping the band aid off and saying it was ransomware".
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Our guest in this month’s episode of the Cyber Insider is Meredith Griffanti, the Global Head of Cybersecurity & Data Privacy Communications at FTI Consulting. Ms. Griffanti has worked on some of the most high-profile and highly sensitive data breaches around the world and has successfully navigated responses to incidents such as business email compromise, phishing and spear phishing, DDoS, credential stuffing, nation-state, critical infrastructure and major, double-extortion ransomware attacks.
Ms. Griffanti shares her experience in navigating crisis communications, refining incident response plans and the lessons learned from some of the most high-profile breach incidents known. Our guest advises companies to think about what their worst enemy could do to them and to practice their plans more than once a year:
"So when we were thinking about responding to hundreds of media inquiries, there was no ultimate decision maker on things and eventually we got there. But those types of roles, responsibilities, escalation protocols and processes, those are the things you want to have down in your playbooks now, before an incident happens".
The conversation touches on the most common communications mistakes that companies make when facing a breach:
"We see companies prolong the news cycle by saying it was an outage and then moving to security incident, then moving to cyber attack, then ultimately ripping the band aid off and saying it was ransomware".
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Previous Episode
The role of governments and shared risk in cybersecurity, with Ciaran Martin
This month’s special guest is Ciaran Martin, CB, the former CEO of the UK’s National Cyber Security Centre, a Professor of Practice at the Blavatnik School of Government at the University of Oxford, as well as managing director at Paladin Capital and the holder of several other advisory roles in private sector cyber security.
In our conversation with Ciaran, we touched on the role of the government in cyber security: intervention in the market, managing incidents, and setting a good framework. The conversation discussed the risks associated with offensive responses in dealing with nation-state threats, cybercriminals, and ransomware operators.
Our guest shares his insights and opinions on subject matters such as regulation in cybersecurity, ransom payments and cyber insurance:
“We see that some companies are having their insurance companies say that you have to have this set of cyber defenses, you have to have EDR, you have to have this or that, so they can pressure industry to take on cyber defenses. But at the same time, some people really feel that cyber insurance has contributed to the ransomware problem”.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
Next Episode
Bug Bounties, the Uber Breach, and Ransom Demands, with Katie Moussouris
In this episode we’re excited to host Katie Moussouris, the founder and CEO of Luta Security, a company that helps organizations implement and manage bug bounty programs. Prior to starting Luta Security, Katie worked with companies including ATstake, Symantec, and HackerOne. She’s a hacker, an advocate for gender and economic equality, a cybersecurity fellow at New America and the National Security Institute, and an advisor to the US government.
With extensive experience in bug bounty programs, our guest shares her perspective on common mistakes in bug bounty and vulnerability disclosure programs:
“You want to be able to hire and recruit people who will be able to prevent and also spot and fix those bugs while the software is being developed. If you weigh too heavily on the reward side of things and reward only the bugs that remain, after all of those secure development processes, you've actually set yourself up for a perverse incentive and you're going to gut your own hiring practices”.
The discussion goes to explore solutions to combat ransomware and what organizations should do in case of an attack: “I don't think putting that much of a burden on the victims is really going to result in what you want, which is to shine more of a light on who needs help and who needs to warn their users that there was a material breach like that. So I would say it's about requiring notification upon payment of ransomware that we should focus, at least on the victim’s side”.
All this and much more is discussed in this episode of The Cyber Insider podcast by Emsisoft, the award-winning cybersecurity company delivering top-notch security solutions for over 20 years.
Be sure to tune in and subscribe to The Cyber Insider to get your monthly inside scoop on cybersecurity.
Hosts:
Luke Connolly – partner manager at Emsisoft
Brett Callow – threat analyst at Emsisoft
Intro/outro music: “Intro funk” by Lowtone.
The Cyber Insider - Crisis Communications and Incident Response in Cybersecurity, with Meredith Griffanti
Transcript
[0:00:00] Luke Connolly: Welcome to the Cyber Insider Emsisoft's podcast all about cybersecurity. Your hosts today are Brett Callow, threat analyst here at Emsisoft, and Luke Connolly, partner manager. And we're very excited to have Meredith Griffanti with us today. Meredith is the global head of cybersecurity and data privacy communications at DC based FTI Consulting, a role she was only recently promoted into. So congratulations on that, Meredith. She started her career on
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/the-cyber-insider-250053/crisis-communications-and-incident-response-in-cybersecurity-with-mere-29790513"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to crisis communications and incident response in cybersecurity, with meredith griffanti on goodpods" style="width: 225px" /> </a>
Copy