How-to guide: Security breach management

Defining the Case Study

AirAway is an airline established in 1990. It operates as a low-cost carrier with a fleet of 110 aircraft based in Bangkok, Thailand. It flies both domestic and international routes, recording almost 48,000 trips across 26 destinations in 2019 with revenues of US$380 million.

A significant portion of its bookings come directly from its website. Its lucrative pricing policies made it a favorite amongst the middle-class population of the country. As a result of the growing trust and popularity of the AirAway brand, more than 60% of its users have chosen to save personal information with the company.

The Covid-19 impact

With the outbreak of Covid-19, the airline had to cancel all its domestic and international flights. This caused a sudden spike in the number of customer-care calls the contact centre was receiving, and the existing BPO partner was unable to cater to the massive volumes. To serve the surplus client calls, Rapid Infotech was brought in for the next three months.

Traditionally, Rapid Infotech specialized in HR and accounting services. It had recently identified an opportunity to offer AI- and automation-powered contact center services and had developed a beta application for it. To capitalize on the growing demand for contact centers in the current crisis and onboard the first few clients, it launched the product in the market. Seeing the relatively lower cost of service, AirAway decided to save some cash and grab the opportunity.

Rapid Infotech hired a few remote agents as a last point of contact for the customers. To serve customers and understand their needs more efficiently, Rapid Infotech was given access to the customer details.

The data breach

Three weeks into the contract, Rapid Infotech detected a data breach. There was also speculation that the data might have been leaking for some days by then. They immediately shut down all the active accounts of Rapid Infotech to prevent any further damage. On receiving this information, AirAway froze its contract with Rapid Infotech while continuing the partnership with the other BPO to keep customer care services running. The sensitive data of millions of users was found to have leaked from the systems. It included passport numbers, contact details, travel history and, to some extent, financial credentials, putting a lot of pressure on the management.

As the CXO of Rapid Infotech,

  1. What steps need to be taken (in chronological order) to limit the damage and get the systems back to normal as soon as possible?
  2. Formulate a checklist of the must-have security firewalls and procedures for contact centres to fight the growing range and frequency of cyber-attacks.
  3. What is the business continuity plan that will be put in place to deal with such a situation in the future?

Key takeaways from the discussion

The contact center must take the following steps to limit the damage:

  1. Perform a root cause analysis to find the source of the leak
  2. Understand the demographics of the people behind the attack
  3. Drill down to decipher the motive behind the attack
  4. Notify legal authorities and their cybersecurity teams
  5. Gather all surveillance evidence of the people involved in the attack
  6. Find the access path and seal all possible leakages

A People, Process and Technology framework can be implemented to prevent any further leaks.

Previously, on Security Talks:

https://twimbit.com/technology/the-security-challenge-of-remote-working/

https://twimbit.com/technology/the-global-talent-crunch-in-info-security
