Bulletin / Marks out of...

Marks out of 100 for Easyjet’s Cyber Incident Response

Author: Charlie Maclean Bristol, Training Director, FBCI, FEPS

Charlie scores Easyjet's response to their recent cyber attack out of 100.

"Thankfully, we now live in a world where it is accepted that data breaches happen, and organisations are more comfortable disclosing that they have been victim to an attack. However, with this welcome move away from victim blaming, organisations are now being judged more on how well they manage a breach.” Brian Honan in Computer Weekly

I thought this week it would be good to look at a non-coronavirus incident, as many have been saying for a while, just because we are in the middle of a pandemic it doesn’t mean that other incidents don’t occur. There have been articles in various newspapers saying that with organisations distracted and many staff working from home, criminals are using the opportunity to launch cyber-attacks and online scams. An example of these attacks has been the ransomware attack by REvil on Grubman Shire Meiselas & Sacks, which is aimed at extorting money by locking out their files and then threatening to release client information if a large ransom is not paid.

I have an interest in cyber reputation communications management as I like to keep my Managing and Preparing for Cyber Incidents Course up to date. I also find it fascinating how different organisations respond to cyber incidents and how organisations make the same basic mistakes again and again when responding. The easyJet cyber-attack caught my eye as it was a distraction in the news from COVID-19, but also as I am a customer and use their flights it is a company, I am familiar with.

I thought I would develop my first draft of a quantitative assessment of easyJet’s response. The assessment is not yet, I suspect, the final version, but by trying it against an incident there is the opportunity to refine it. If this works, I intend to assess other responses in future bulletins to see if there are patterns which organisations do well and those they do not do so well.

Any comments on the process, criteria and weighting are gratefully received.

Table 1 - Quantitative assessment of Easyjet's cyber response, 22 May 2020

Screenshot-2020-05-22-at-15.33.08.png#asset:6362Screenshot-2020-05-22-at-15.36.31.png#asset:6363Screenshot-2020-05-22-at-15.39.58.png#asset:6364

You can find easyJet's Q&As here.



Live Online - GCHQ Certified Managing & Preparing for Cyber Incidents - 7th-8th September 2020

  • A two day non-technical course, aimed at preparing organisations to manage their cyber response at the strategic/crisis management level. Topics include cyber risk assessments, playbook development, GDPR reporting incidents and reputation management.

20% off if booked in May or June - regular price £1,050, saving of £210!

You might be interested in the following stories

20/20 Vision: Comments on Exercise Cygnus (UK's pandemic exercise in 2016) and what happened

Lockdown Learning Webinar Recording - Decision Making During a Crisis

Crisis Communications - Skype to the rescue

You may be interested in the following course

GCHQ Certified Managing & Preparing for Cyber Incidents course

Sign-up to our weekly bulletin

Twitter feed

Bulletin
A Model for Situational Awareness

Charlie shares a model of situational awareness from the Endsley paper and discusses how this can be applied to incident management.

31 July 2020

“The course was great, I met some lovely people and James [McAlister] was an amazing tutor. He talked us through scenarios and his own experiences which helped embed the information”

Phillippa Crombleholme
British Gas
View further testimonials