It’s a loaded question to ask when a PR crisis ends. With some crises, reminders last indefinitely. In other cases, the actual crisis lasts for months.
This month we begin an occasional series that updates crises mentioned in previous editions of Crisis Insider and offers additional insights.
SolarWinds Still Blowing
There are few better examples of crisis’ long tail than SolarWinds. Breaking into the news a few weeks before Christmas 2020, operatives, allegedly Russians, hacked Orion, a network monitoring product from vendor SolarWinds. More than 33,000 public and private customers deployed Orion. It is estimated the hack touched at least nine US federal agencies and 100 companies. We use the word ‘estimated’ since revelations continue to flow, almost daily.
Indeed, in our Jan. 2021 edition, Kaylin Trychon, a VP at ROKK Solutions and now at Google, and Kristin Miller, director, Ping Security, said stories about the hack would dribble out for months, if not years. So far, they’re spot on.
And no wonder. There’s much to consider as analysts examine what was considered the largest, most sophisticated hack in history. As SolarWinds CEO Sudhakar Ramakrishna told the Wall St. Journal, “We have been evaluating mountains of data.”
Like peeling back the proverbial onion, SolarWinds stories veer in several directions. One avenue includes a story about attacks, verbal not cyber, against Amazon, which allegedly knows more than it’s disclosing about the hack.
There also are revelations about the hackers’ sophistication. Apparently, they spent nine months lurking before compromising US Treasury Department servers, in December 2020. There’s also speculation that SolarWinds, the company, was hacked back in 2019, not 2020.
And speaking of constant reminders of crises, since SolarWinds is so well known, it’s become a benchmark. As we head to press, a headline in the March 10 edition of Data Center Knowledge reads: “Microsoft Exchange Hack Could Be Worse Than SolarWinds.”
Speaking of the Microsoft hack (March 2), as the headline just cited says, it seems destined to replace SolarWinds as history’s largest attack.
As such, Miller says, you need to consider these massive hacks together. When a behemoth crime overtakes one whose size, just weeks earlier, appeared untouchable, it’s possible massive “cybersecurity breaches will continue to grow in scope and impact” and will “be the new normal,” Miller says. Communicators best have crisis plans ready.
Trychon adds the SolarWinds hack illustrates that communicators need to take a long view. As we’ve seen, media coverage of massive hacks is likely to continue for extended periods.
“What is said during the beginning of an incident will stay with you throughout the news cycles,” she says. “It’s best to wait for security teams to do the incident response work and analysis before offering what you think are facts to media.” As in all crises, Trychon advises updating media as the situation evolves “to show transparency and build trust.”
The good news, Trychon says, is that news cycles for massive hacks have a degree of predictability. For example, communicators can prepare for congressional hearings. In addition, they can “develop messaging and infuse important milestones or data points that help tell a strong story, whether about recovery or future plans.”
More Trouble with Kids’ Books
In the December 2020 edition, we wrote about the estate of Roald Dahl apologizing for the late author’s anti-Semitism.
We asked communicators about the apology’s timing, made 30 years after Dahl’s death and not directly related to the release of a film or play based on the author’s stories.
More curious was that the apology resided in an obscure part of the Dahl web site.
In addition, its wording seemed to downplay the late writer’s sentiments: “Those prejudiced remarks are incomprehensible to us and stand in marked contrast to the man we knew and to the values at the heart of Roald Dahl’s stories, which have positively impacted young people for generations.”
As you likely know, the company with rights to the titles of Dr. Seuss made a much louder apology recently, which included halting printing of six titles. Timing of the March 2, 2021, apology was clear: it’s the birthday of Dr. Seuss, aka Theodore Seuss Geisel.
It was deeper than that, though, says Hinda Mitchell, founder, InspirePR Group. The Seuss moves to stop publication of books and apologize, she says, were “well thought-out and made [last year], with deliberation.” A takeaway, Mitchell adds, is that brands, especially legacy ones, should review content and “make difficult choices...it’s a smart, long-term move to enhance reputation.”
In contrast, Dahl’s estate “sort of ‘backed into it’ with a buried message...and [later] commented only when their hand was forced,” Mitchell adds.
‘Dangerous’ record Sales
Our October 2020 edition covered the story of then-rising country singer Morgan Wallen. The 27-year-old was caught on video celebrating a college football victory sans mask. Booked to appear on “Saturday Night Live” (SNL) the next week, NBC nixed the gig out of concern for staff and in-studio audience.
To his credit, Wallen, who’d already arrived in NY for the show, apologized promptly and well. His cooperative attitude led to a future SNL booking.
Since then, his story total rivals that of SolarWinds. The latest is a video from late Jan. showing Wallen uttering a racial slur after a night of carousing. Again, Wallen apologized, though he’s lost bookings, radio play and contracts. Still, his music is breaking sales records.
“With racial tension at a high and discrimination, bias and hate under the microscope, an apology is rarely enough,” says Meredith L. Eaton, director, N. America, Red Lorry Yellow Lorry.
Should this behavior pattern continue, Eaton urges Wallen take corrective action via contributions to the Black community. Wallen needs to show “he’s working to educate himself on his conscious or unconscious bias.”