SCANNAVIAN CYBER CRIME CONFERENCE Tuesday, 18 June 2013 When YOU Are the Headline Copyright 2013 Jøp, Ove & Myrthu A/S Esben Høstager 2013 Copyright 18 June, Esben 2013 Scandinavian Høstager Cyber Jøp, Crime Ove Conference & Myrthu CSIS A/S& PwC www.jom.dk +45 39 27 50 50 If any college student asked me what career would most assure 30 years of steady, well-paying employment, I would respond, cyber security. Alec Ross Senior Adviser for Innovation State Department, USA
It doesn t happen to us syndrome = ACKNOWLEDGING THE ISSUES Are you quick on the trigger? = BEING UP TO SPEED AND AT EASE WITH IT Your position? Is it clarified, or what? = BEING READY & ABLE TO COMMUNICATE AIG EUROPE DANSK FILIAL AF AIG EUROPE Gentofte LIMITEDKommune Tang Hansen Consulting Teknologirådet Arrow ECS First Denmark A/S of all: HD Solutions I/S Terma A/S Topdanmark Forsikring A/S Bad things DO Transportministeriet happen. Trustpilot ApS TRYG A/S Tryg Forsikring A/S Tulsi Europe CCURE A/S Comendo A/S CompliSec Consult v/erling Scharling CSC Danmark A/S Damco A/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Københavns Universitet Maersk A/S NaturErhvervstyrelsen Nord Pool Gas A/S Cyber Attacks Uddannelsesministeriets It Forsvarets Efterretningstjeneste Vestas Wind Systems A/S EVERYDAY! Forsvarsstaben DS Xellia Pharmaceuticals ApS Forsvarets Koncernfælles ZEUSMARK CONSULTING GROUP ApS Informatiktjeneste AIG EUROPE DANSK FILIAL AF AIG EUROPE LIMITEDFRAUD ApS Gentofte Kommune Arrow ECS Denmark A/S Products are attacked, too Europæiske Rejseforsikring A/S It s smarter to plan for the worst than HD Solutions I/S Deloitte Statsautoriseret Revisionspartnerselskab Novo Nordisk A/S PALLAS INFORMATIK A/S GICURE ApS Pandora A/S CCURE A/S to just cross Kirkeministeriets your IT Kontoret Plesner Advokatfirma Post Danmark A/S Kriminalteknisk Afdeling Rejsehold Region Hovedstaden or sabotaged fingers and be og IT Stations Personaleklub Rigspolitiet Saxo Bank A/S Comendo A/S caught Københavns off Universitet Europæiske Rejseforsikring A/S Scandlines Danmark A/S SDC Drift A/S CompliSec Consult v/erling Scharling guard. Maersk A/S SEC Datacom A/S Secunia Accidents ApS occur CSC Danmark A/S SECUREDEVICE A/S Damco A/S NaturErhvervstyrelsen Segezha Packaging A/S SimCorp A/S Forsvarets Efterretningstjeneste Forsvarsstaben SISCON DS ApS Deloitte Statsautoriseret Revisionspartnerselskab Nord Pool Gas A/S Forsvarets Koncernfælles InformatiktjenesteSkandinavisk Data Center A/S FRAUD ApS Skatteministeriet GICURE ApS Socialministeriet Departementet Novo Nordisk A/S
it doesn t happen to us!
SHOCK! WORRY! PANIC! ~ Wishful Thinking! OUTCOME: Let s not tell anyone, okay?! It ll probably disappear very soon, you know
But, Esben this is just SO embarrassing! And if we go public with it, it will for sure ruin our reputation not to mention my own career Always ASK YOURSELF: What is the alternative? 1. Will it go away unnoticed? Hardly OR: 2. Is it likely that a journalist will call you shortly? Yes, it sure is! e.g. what are you going to say when the first journalist calls you?
Secretary: I m sorry, but he just left for an important business trip, and it s impossible for me to tell you when he will be back
It doesn t happen to us syndrome = ACKNOWLEDGING THE ISSUES Are you quick on the trigger? = BEING UP TO SPEED AND AT EASE WITH IT Your position? Is it clarified, or what? = BEING READY & ABLE TO COMMUNICATE
Why is speed so important? You must take control RIGHT AWAY because if you don t, others will soon take the lead! And you don t like that! be willing to release your BAD news, too. NOT easy. But always think about the alternative ~ most likely FAR WORSE! So what SHOULD you do?
AIG EUROPE DANSK FILIAL AF AIG EUROPE Gentofte LIMITEDKommune Arrow ECS Denmark A/S CCURE A/S Københavns Universitet Maersk A/S Comendo A/S Tang Hansen Consulting Teknologirådet Terma A/S Topdanmark Forsikring A/S Transportministeriet Trustpilot ApS TRYG A/S Tryg Forsikring A/S Tulsi Europe Uddannelsesministeriets It Vestas Wind Systems A/S HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Be ACCESSIBLE Xellia Pharmaceuticals ApS ZEUSMARK CONSULTING GROUP ApS AIG EUROPE DANSK FILIAL AF AIG EUROPE LIMITED Arrow ECS Denmark A/S CCURE A/S Comendo A/S CompliSec Consult v/erling Scharling CSC Danmark A/S Europæiske Rejseforsikring A/S Forsvarets Efterretningstjeneste Forsvarsstaben DS Forsvarets Koncernfælles Informatiktjeneste FRAUD ApS Gentofte Kommune HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Københavns Universitet Maersk A/S NaturErhvervstyrelsen Nord Pool Gas A/S CompliSec Consult v/erling Scharling NaturErhvervstyrelsen CSC Danmark A/S Damco A/S Nord Pool Gas A/S Deloitte Statsautoriseret Revisionspartnerselskab Novo Nordisk A/S PALLAS INFORMATIK A/S GICURE ApS Pandora A/S Plesner Advokatfirma Post Danmark A/S Region Hovedstaden Rigspolitiet Saxo Bank A/S Europæiske Rejseforsikring A/S Scandlines Danmark A/S SDC Drift A/S SEC Datacom A/S Secunia ApS SECUREDEVICE A/S Damco A/S Segezha Packaging A/S SimCorp A/S Forsvarets Efterretningstjeneste Forsvarsstaben SISCON DS ApS Deloitte Statsautoriseret Revisionspartnerselskab Forsvarets Koncernfælles InformatiktjenesteSkandinavisk Data Center A/S FRAUD ApS Skatteministeriet GICURE ApS Socialministeriet Departementet Novo Nordisk A/S AIG EUROPE DANSK FILIAL AF AIG EUROPE Gentofte LIMITEDKommune Arrow ECS Denmark A/S CCURE A/S Københavns Universitet Maersk A/S Comendo A/S Tang Hansen Consulting Teknologirådet Terma A/S Topdanmark Forsikring A/S Transportministeriet Trustpilot ApS TRYG A/S Tryg Forsikring A/S Tulsi Europe Uddannelsesministeriets It Vestas Wind Systems A/S HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub PREPARE. PREPARE. PREPARE. Xellia Pharmaceuticals ApS ZEUSMARK CONSULTING GROUP ApS AIG EUROPE DANSK FILIAL AF AIG EUROPE LIMITED Arrow ECS Denmark A/S Europæiske Rejseforsikring A/S Forsvarets Efterretningstjeneste Forsvarsstaben DS Forsvarets Koncernfælles Informatiktjeneste FRAUD ApS Gentofte Kommune HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Københavns Universitet Maersk A/S NaturErhvervstyrelsen Nord Pool Gas A/S CompliSec Consult v/erling Scharling NaturErhvervstyrelsen CSC Danmark A/S Damco A/S Nord Pool Gas A/S Deloitte Statsautoriseret Revisionspartnerselskab Novo Nordisk A/S PALLAS INFORMATIK A/S GICURE ApS Pandora A/S CCURE A/S Plesner Advokatfirma Post Danmark A/S Region Hovedstaden Rigspolitiet Saxo Bank A/S Comendo A/S Europæiske Rejseforsikring A/S Scandlines Danmark A/S SDC Drift A/S CompliSec Consult v/erling Scharling SEC Datacom A/S Secunia ApS CSC Danmark A/S SECUREDEVICE A/S Damco A/S Segezha Packaging A/S SimCorp A/S Forsvarets Efterretningstjeneste Forsvarsstaben SISCON DS ApS Deloitte Statsautoriseret Revisionspartnerselskab Forsvarets Koncernfælles InformatiktjenesteSkandinavisk Data Center A/S FRAUD ApS Skatteministeriet GICURE ApS Socialministeriet Departementet Novo Nordisk A/S
Why not TELL IT LIKE IT IS? AIG EUROPE DANSK FILIAL AF AIG EUROPE Gentofte LIMITEDKommune Arrow ECS Denmark A/S HD Solutions I/S Kirkeministeriets IT Kontoret CCURE A/S Københavns Universitet Maersk A/S Comendo A/S CompliSec Consult v/erling Scharling NaturErhvervstyrelsen CSC Danmark A/S Damco A/S Nord Pool Gas A/S Deloitte Statsautoriseret Revisionspartnerselskab Novo Nordisk A/S Tang Hansen Consulting Teknologirådet Terma A/S Topdanmark Forsikring A/S Transportministeriet Trustpilot ApS TRYG A/S Tryg Forsikring A/S Tulsi Europe Uddannelsesministeriets It Vestas Wind Systems A/S Kriminalteknisk Afdeling Rejsehold og IT Stations Xellia Personaleklub Pharmaceuticals ApS ZEUSMARK CONSULTING GROUP ApS AIG EUROPE DANSK FILIAL AF AIG EUROPE LIMITED Arrow ECS Denmark A/S And then again: CCURE A/S Comendo A/S CompliSec Consult v/erling Scharling CSC Danmark A/S Damco A/S Deloitte Statsautoriseret Revisionspartnerselskab GICURE ApS Europæiske Rejseforsikring A/S Forsvarets Efterretningstjeneste Forsvarsstaben DS Forsvarets Koncernfælles Informatiktjeneste FRAUD ApS Gentofte Kommune HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Københavns Universitet Maersk A/S NaturErhvervstyrelsen Nord Pool Gas A/S HOWEVER many CEOs tend to prefer The Jack Nicholson Way PALLAS INFORMATIK A/S GICURE ApS Pandora A/S Plesner Advokatfirma Post Danmark A/S Region Hovedstaden Rigspolitiet Saxo Bank A/S Europæiske Rejseforsikring A/S Scandlines Danmark A/S SDC Drift A/S SEC Datacom A/S Secunia ApS SECUREDEVICE A/S Segezha Packaging A/S SimCorp A/S Forsvarets Efterretningstjeneste Forsvarsstaben SISCON DS ApS Forsvarets Koncernfælles InformatiktjenesteSkandinavisk Data Center A/S FRAUD ApS Skatteministeriet Socialministeriet Departementet Novo Nordisk A/S
AIG EUROPE DANSK FILIAL AF AIG EUROPE Gentofte LIMITEDKommune Arrow ECS Denmark A/S CCURE A/S Københavns Universitet Maersk A/S Comendo A/S Tang Hansen Consulting Teknologirådet Terma A/S Topdanmark Forsikring A/S Transportministeriet Trustpilot ApS TRYG A/S Tryg Forsikring A/S Tulsi Europe Uddannelsesministeriets It Vestas Wind Systems A/S HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub The Jack Nicholson Way.. Xellia Pharmaceuticals ApS ZEUSMARK CONSULTING GROUP ApS AIG EUROPE DANSK FILIAL AF AIG EUROPE LIMITED Arrow ECS Denmark A/S Europæiske Rejseforsikring A/S Forsvarets Efterretningstjeneste Forsvarsstaben DS Forsvarets Koncernfælles Informatiktjeneste FRAUD ApS Gentofte Kommune HD Solutions I/S Kirkeministeriets IT Kontoret Kriminalteknisk Afdeling Rejsehold og IT Stations Personaleklub Københavns Universitet Maersk A/S CompliSec Consult v/erling Scharling NaturErhvervstyrelsen CSC Danmark A/S Damco A/S Nord Pool Gas A/S Deloitte Statsautoriseret Revisionspartnerselskab Novo Nordisk A/S PALLAS INFORMATIK A/S GICURE ApS Pandora A/S CCURE A/S Plesner Advokatfirma Post Danmark A/S Region Hovedstaden Rigspolitiet Saxo Bank A/S Comendo A/S Europæiske Rejseforsikring A/S Scandlines Danmark A/S SDC Drift A/S CompliSec Consult v/erling Scharling SEC Datacom A/S Secunia ApS CSC Danmark A/S SECUREDEVICE A/S Damco A/S All recent examples NaturErhvervstyrelsen Segezha Packaging A/S SimCorp A/S Forsvarets Efterretningstjeneste Forsvarsstaben SISCON DS ApS Deloitte Statsautoriseret Revisionspartnerselskab Nord Pool Gas A/S Forsvarets Koncernfælles InformatiktjenesteSkandinavisk Data Center A/S FRAUD ApS Skatteministeriet GICURE ApS Socialministeriet Departementet Novo Nordisk A/S It doesn t happen to us syndrome = ACKNOWLEDGING THE ISSUES Are you quick on the trigger? = BEING UP TO SPEED AND AT EASE WITH IT Your position? Is it clarified, or what? = BEING READY & ABLE TO COMMUNICATE
Can you pass THE ACID TEST? Five quick questions, you should ALWAYS ask yourself (before pretending that you can actually disappear) Can you pass The Acid Test? Five quick questions, you should ALWAYS ask yourself Can I (convincingly!) explain WHY I don t want to comment? And if NOT what do I do then?
Can you pass The Acid Test? Five quick questions, you should ALWAYS ask yourself What happens, if I don t call back? That is: Can we live with the alternative? Can you pass The Acid Test? Five quick questions, you should ALWAYS ask yourself If I refuse to comment, who else will speak for me? What are they going to say? And: How will I react?
Can you pass The Acid Test? Five quick questions, you should ALWAYS ask yourself Am I going to be smoked out of my cave anyway? If so, what (specifically) would make me talk to the media? Can you pass The Acid Test? Five quick questions, you should ALWAYS ask yourself When all hell breaks loose, do I have a sparring partner i.e. when not even a Senior Leader will cut it?
Here comes the things that I want you to do Tell it all and Tell it fast.
Tell them what you are doing about it. Tell them when it s over.
Get back to work! IF YOU FEEL that you and your company need to do better in order to CHANGE things, Albert Einstein may be inspirational?
Insanity is doing the same thing over and over again, and expecting different results. Albert Einstein See you in the headlines
Disclaimer Hidden slide. Jøp, Ove & Myrthu A/S anerkender og respekterer copyrights i forbindelse de illustrationer, der er anvendt i denne præsentation. Skulle vi utilsigtet have overtrådt en eller flere copyrights, ønsker vi at blive gjort opmærksom på dette med henblik på at afklare eventuelle uoverensstemmelser og for at kunne honorere eventuelle vederlag. Venligst kontakt vores sekretariat: post@jom.dk SCANNAVIAN CYBER CRIME CONFERENCE Tuesday, 18 June, 2013 When YOU Are the Headline Copyright 2013 Jøp, Ove & Myrthu A/S Esben Høstager 2013 Copyright 18 June, Esben 2013 Scandinavian Høstager Cyber Jøp, Crime Ove Conference & Myrthu CSIS A/S& PwC www.jom.dk +45 39 27 50 50