Monday, 03 September 2018 10:55

Data breach book: practical advice on how to handle aftermath of a break-in


"If there's one thing worse than a bungle, it's a cover-up. And if there's one thing worse than a cover-up, it's being caught covering up." Wise words those, from the authors of a small, but very useful, book on data breaches and how to manage them.

Peter Coroneos, a well-known figure in Australian IT circles, and brand consultant Michael Parker have put out their Cyber Breach Communication Playbook at an opportune time, a few months after Australia began enforcing a data breach law.

Both authors are pragmatic about the possibility of a breach; their stance can be summed up in the words, "it's not whether, but when". Accordingly, their book, which is an excellent read, concentrates on advising businesses on the best way to react after the deed has occurred.

This book is not a guide as to how one should secure a data store; it is a practical guide as to how one can continue to exist in a competitive environment after a data breach has occurred. The language is not stilted as in most books on this subject; it is like a brisk winter's day in Melbourne and does not beat about the bush. It is also a convenient size and can be easily carried around, even in a handbag.

The best way to learn is from others' mistakes, and with this in mind Coroneos and Parker list 14 breaches, all of which have received more than a few abrasive headlines:

  • Australian Bureau of Statistics – 2016 online census;
  • Australian Electoral Commission – 2016 election electronic voting security flaws;
  • Geoscience Australia July 2018 – national audit office report;
  • PageUp People – 2018 job applicants data breached;
  • Uber 2017 – 57 million records including 1 million Australian passengers and drivers;
  • Republican National Convention 2017 – 198 million voter records exposed by cloud error;
  • Equifax 2017 – 143 million personal records stolen;
  • JP Morgan and Chase – 7 million customer records exposed;
  • TalkTalk 2015 – UK telco 150,000 customer records breached;
  • Ticketmaster – 2018 breach exposing financial details;
  • Target – supply chain breach of its point of sale systems;
  • Verizon 2017 – 14 million customer records exposed;
  • Yahoo! – largest ever reported data breach; and
  • Ashley Madison – the infamous 2015 dating site hack.

The quote above comes from the authors' comments about the Australian Electoral Commission's voting security flaws, which earned the organisation a D-minus grade.

The criteria used to give the 14 breaches grades are:

  • "the scale of the breach;
  • "the sensitivity of the information compromised;
  • "the time taken to report the breach;
  • "any evidence of a cover-up;
  • "the time taken for management acceptance of responsibility;
  • "how predictable and preventable the breach was;
  • "the degree of public backlash; and
  • "where appropriate, notice and redress for affected individuals."

And these criteria are applied according to three factors: an independent analysis of the publicly sourced facts, reports and official statements; the favourability, duration and extent of media commentary; and the findings of any subsequent investigations or public inquiries.

The Australian Bureau of Statistics earned a D-minus for its efforts during the 2016 census, while PageUp People scored a C-minus.

Of the PageUp breach, Coroneos and Parker wrote: "... we suspect officials decided to take advantage of PageUp's timely response to illustrate that an organisation which understands, and acts in accordance with the underlying policy intent of the laws, should be supported."

This shows that the authors also understand the inner workings of regulators when it comes to breaches; by general standards, the PageUp breach has been a major disaster, and has been criticised by both technical and legal professionals.

The authors do not adopt a hectoring tone, nor do they try to talk down to the reader. This is a good book for those in business who want to know what to do when they see those dreaded words on their mobiles at 6am: "The website has been hit."

The Cyber Breach Communication Playbook retails for $39.95; details are here.



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
