I don’t know how it happens, but you can usually rely on one or more big news stories during Business Continuity Awareness Week (BCAW); most spectacularly the Wannacry attack on the eve of BCAW 2017. This year, two days into BCAW, we have the announcement of the WhatsApp surveillance attack. Whilst, in some ways, the company appears to have handled the incident well – promptly notifying users and patching the security issue – there are potential problems ahead:
- WhatsApp actively promotes the security of its platform so this could make a significant dent in their brand image;
- WhatsApp have not established how many users have been affected – media reports have generally suggested very small numbers; and
- It’s also not clear (at the time of writing) whether the spyware can reach beyond the confines of WhatsApp.
If it turns out that either the scale of the attack is much greater, or that the reach of the spyware is much broader than initially reported; WhatsApp’s initial communications will be the focus of much scrutiny as people judge whether they sought to deliberately downplay the incident.