How do the hackers communicate

Self-PR after a cyber attack

In the spring of 2015, Kaspersky Lab discovered that it had been the target of a hacker attack. The new generation of cyber weapons is also attacking political events such as the 5 + 1 nuclear negotiations with Iran. A powerful secret service is believed to be behind the attack.

The impact of publication on corporate reputation could be devastating. An IT security company becomes the target of a cyber attack: what could make better headlines? As part of its crisis communication strategy, Kaspersky Lab relies on transparency, responsibility and skillful PR. A practical case.

Transparency principles: "We publish every cyber attack."

For Kaspersky Lab, it is clear that it will remain true to its transparency principles. Every cyber attack, every virus, every piece of malware is published - regardless of its origin and where it is found. Of course, Duqu 2.0 is a tough test for the company.

Virus Lab - the Duqu 2.0 cyberattack was analyzed here (c) Kaspersky

But by publishing the cyber attack on its own company network, Kaspersky Lab wants to demonstrate transparency and responsibility towards society, the economy and politics. At the same time, the company's own technological expertise and intelligence in detecting cyber attacks is to be highlighted, and security for customers and partners emphasized.

Publishing such incidents is the only way to make others aware of the danger and make the world a safer place.

PR concept under observation?

Since it cannot be ruled out that the cyber and espionage attack is still active, the crisis communication strategy is prepared under difficult conditions. All communication within the international crisis team is tap-proof: either in person or in encrypted form.

The Kaspersky team secretly prepares all instruments for transparent crisis communication: press releases, video press conferences with CEO Eugene Kaspersky, posts for all social media channels, a technical analysis of the attack, tailor-made materials for internal stakeholders, as well as "questions and answers" and contact options for customers and partners.

In order to uncover the overall context, only "Spiegel" and "Spiegel Online" receive a preliminary briefing in Germany - also tap-proof. The political dimension of the cyber attack, namely the spying on the 5 + 1 nuclear negotiations, is of course even more newsworthy than the attack on Kaspersky Lab - this is also clear to those responsible for crisis communications.

The leading medium consequently creates the desired context on the basis of its own research and directs attention to who the attack can be attributed to. The other media, which can then go further in their research, should follow this reporting.

Communication starts simultaneously worldwide on June 10th at 2 p.m.

The media interest is enormous. Driven by the news agencies in Germany, Austria and Switzerland (including six from dpa, two each from AFP and Reuters, five from APA, three from SDA), 1,200 articles appear in the first 30 hours after publication.

In addition to reporting on the incident, the media point out the larger context and political dimension, as well as the safety of customers and partners. The way the press deals with the cybersecurity company is extremely fair, the tone is objective and the response to the transparency of Kaspersky Lab is very appreciative.

The “Tagesspiegel” wrote on June 11, 2015: “The fact that Kaspersky Lab found the malware is more telling than the fact that a company like this was also spied on for a while.”

Kaspersky Lab's Virus Lab (c) Kaspersky

From June 12th, the security incident at Kaspersky Lab is hardly mentioned in connection with Duqu 2.0. The focus of interest is now on the espionage attacks on the nuclear negotiations between the 5 + 1 countries and Iran.

With the nuclear negotiations taking place in Austria and Switzerland, the espionage attack becomes the main news item on local television news. Kaspersky Lab is named as the company that exposed the cyber attack. There is also a lot of discussion about the incident on social networks. #Kaspersky becomes a trending topic on Twitter. There is no gloating or malice. Here, too, the feedback from friends and followers is supportive.

Strengthened market position and image gain

Kaspersky Lab's communication strategy shows that companies hit by security incidents can avert damage to their reputation through transparency, responsibility and a clever PR strategy.

At the same time, showcasing one's own expertise can turn a crisis into a stronger market position, with an image gain recognized by media and industry alike.

By uncovering and analyzing Duqu 2.0, Kaspersky Lab has gained new insights that will be used in future technologies and products.