We hear about cybersecurity incidents happening all the time. Most often, we hear about the massive breaches that happen to the biggest of brands. But the truth is that cybersecurity incidents are a threat that can happen to any and every company. You don’t have to be a massive household name to be targeted.
While a cybersecurity threat doesn’t always necessarily translate into a crisis* (the level of impact depends on the incident itself), it is most certainly an incident that demands immediate attention and proper action. It’s also an incident that leaves organizations feeling exposed, violated, and vulnerable which are all emotions that can impact good judgment of response for fear of losing trust with stakeholders (one of the added risks that comes with experiencing such an event).
Mascot Books is one of the hundreds of thousands of companies to have recently experienced this first-hand, when a malicious attempt was made to fraud their clients into paying invoices that appeared to be sent from Mascot, but weren’t.
In the following video, Naren Aryal, President and Founder of Mascot Books, shares about this experience. Naren gets real here and provides insight and details about the incident, how he and his team managed it, and what scared him most when it came to having to communicate with his clients — even after the threat had been contained and eradicated.
This is a situation that can happen to any company (including yours) and Naren shares the most valuable lessons that he and the Mascot Books team learned through it all. He paints the picture of the precise steps he and his team took to understand the situation, to contain and eradicate the threat, to mitigate the impact on their clients, as well as the outcome that each decision had on the brand’s relationships with its most valued clients.
*A crisis is a negative incident that threatens long-term material impact on a brand’s stakeholders, the environment, the economy, the business’s operations, reputation and/or its bottom line.
Unsolicited note from Melissa Agnes:
Mascot Books is the publisher of Crisis Ready: Building an Invincible Brand in an Uncertain World and I could not have asked for a better partner in the journey or in the success of creating this book. If you are thinking of writing a book and are looking for the perfect partner, there aren’t many companies that I recommend as confidently, as loudly, or as enthusiastically as I do Mascot Books.
Learn more about Mascot’s Books and their brilliant work here.
Finally, a huge ‘thank you’ to Naren Aryal for taking the time to share this story with the hopes of it resonating with and helping others.
Author of Crisis Ready: Building an Invincible Brand in an Uncertain World, Melissa Agnes is a leading authority on crisis preparedness, reputation management, and brand protection. Agnes is a coveted keynote speaker, commentator, and advisor to some of today’s leading organizations faced with the greatest risks. Learn more about Melissa and her work here.
Lessons from Managing a Cybersecurity Incident: A Case Study with Naren Aryal of Mascot Books.
Melissa, thanks for putting out this video. Thanks too to Naren for being bold and forthright to come forward and share his thoughts…….it take courage!
Absolutely!……..any small, medium or large scale company is and WILL at some stage or the other be faced with a similar crisis. “Forewarned is forearmed”!!……….better to expect for such eventualities and prepare contingency plans to deal with them.
Look forward to more such exposes from your side.
Cheers and best of luck.
Dhyan Mayadas
Thanks, Dhyan. Well said! And thank you for recognizing Naren’s intent and bravery for wanting to create this video for others to learn from. It’s not easy, but is so valuable.
I can only echo what Dhyan said.
A company I know in the North of UK were subject of a ransomware attack recently, They were very low profile manufacturing company who happened to get hit.
They were fortunate to be able to recover and not pay the £20,000 to the fraudster.
It still took them almost 3 months to get back to normal working.
Ransomware doesn’t target businesses, it targets vulnerabilities. Like the child that isn’t inoculated against Measles, the vulnerability gets exploited, not the child.
Well said, Robert. That’s an important way to think about it. Thanks for taking the time to add that lens.