In the midst of a Cyber Attack who you gonna call – and how?

Don’t rely on the very IP channel that has just been hacked, because your adversaries will be monitoring it!

If (when!) your organisation succumbs to a cyber-attack, the first thing you need to think about, when assessing the situation and putting together a plan for recovery and future mitigation, is exactly how you are going to communicate.  Whether it is the IT department discussing the technicalities, or communicating with senior managers and the board to keep them abreast of events, the last thing you should do is use the very platform that has just been compromised, ie, your corporate network.

In layman’s terms, if your email has been hacked, sending an email to your friends asking for help is nonsensical – your email alerts the hackers to the fact you’ve detected their presence.  And, you can’t tell if any of the responses are genuinely from your friends or from the hackers messing with you.

It is very common when hackers have compromised a system for them to watch carefully for the responses from any IT resources that are tasked with countering their attack. Typically this includes watching and subverting any communications channels that IT may be using.  It’s not unusual for hackers to send spoof messages to try and assess just how well the IT team understands the nature of the attack, to capture new passwords or other changes to security, and prevent key messages from being delivered.

During the initial investigation phase of a cyber attack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.

By protecting the communications of the IT and digital forensics team, you are blocking a very useful source of information from being intercepted or modified by the hackers. In addition, by using a secure communications platform, such as Armour Mobile, and having the secure comms hosted by a third party, you are further isolating the IT team’s comms from the potentially compromised systems that they are trying to recover.

For third party ‘blue teams’ brought in to handle such hacking situations it makes perfect sense for them to bring their own secure comms solution with them – and this is a question that you should be asking any would-be supplier when tendering for such services.

Armour is now working with a number of organisations that can provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance, to incident management and response, and technical security research.