cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
DANJENSEN
Viewer

Exfiltrated Data Concerns

Hi All:

 

I know a gentleman who got hit hard by a crypto attack from the Mespinoza group, and according to forensic analysis they may have grabbed a couple of gigabytes on the way out the door. While he is following all protocols for, for example PII notifications, he is concerned that there is some business-confidential information leaked that may be used in the future against the company.

 

The various security and lawyers are trying to reassure him about the unlikelihood of any such thing happening, but he is still extremely concerned. Thoughts? Is it worth tracking down some sort of brilliant information-scavenging person who could see if they can find out if any such data is out there?

 

Any help or advice anybody can offer would be extremely appreciated, as I am a bit worried about his mental state.

 

Thanks!

 

Dan

1 Reply
CISOScott
Community Champion

Sounds a lot like a situation I ran into. A friend of ours had a daughter in high school who started dating this boy. He convinced her to send naked pics and she did. They subsequently broke up and he shared the pictures with other boys in the high school. Now we could have went around and tried to get every boy who had received the picture to delete it but we would never be able to know that we got every one of them. A boy could have forgot that he sent it to another friend, or could have made copies of it, etc. We would never have 100% confidence that we could get them all and never have them surface again. So instead we did this:

1) Asked the boys politely to delete the photos with the threat of law enforcement's help if they refused as she was underage (15 years old).

2) Asked if they would do the same for anyone else they had sent it to.

3) Prepared the young girl for the fact that this could possibly resurface in the future and that she needed to prepare herself for that fact and be ready to respond like this : "Yes that picture was taken during a young and foolish time in my youth. I trusted someone I shouldn't have and he betrayed me. That picture is of an underage youth and the fact that you are using it means you are engaging in illegal felonious activity. Should I call call the cops or are you going to delete it? Also know that if you share it you are engaging in distribution of child pornography which is another felony offense? How do you want to proceed?"

 

So tell your friend that now that the information is out there, it is out there. No amount of scouring the Internet and demanding people remove it is going to get it removed. His best defense is to prepare for how it could be used against him and how he will respond. He seems to worry that it could be used against him, address those concerns. Could it be used for blackmail (i.e the company was doing something illegal or unethical) ? If so address what the company can do to get legitimate. Is he worried his proprietary design or ideas may be stolen? Ensue he has the correct patents,etc. to protect those ideas/inventions. I'm just throwing some suggestions out here not knowing what his concerns are. I am not implying he was doing anything illegal, but I am not in his situation. What I am trying to do is get you to find out how this could be used to hurt him and come up with responses for those, IF they ever came about to exist.

 

The horse is out of the barn, the only thing you (he) can do is prepare for it's return.