In the midst of a Cyber Attack who you gonna call – and how?
Don’t rely on the very IP channel that has just been hacked, because your adversaries will be monitoring it!
As the number of organisations suffering major cyber-attacks continues to increase dramatically, the National Cyber Security Centre (NCSC)’s message on building operational and cyber resilience has never been more pertinent. Indeed, according to the UK Government’s Cyber Breaches Survey 2022, some 39% of businesses reported a cyber-attack, demonstrating the point that it’s not a case of if, but when, your organisation will suffer a cyber breach.
Building resilience from the ground up
When an organisation succumbs to a cyber-attack or catastrophic IT failure, the first thing to do, even before assessing the situation fully and putting together a plan for recovery and future mitigation, is to understand exactly how you are going to communicate. It’s not just the IT department discussing the technicalities, and business continuity managers communicating with the C suite and the board to keep them abreast of events. There is a wide variety of people involved in handling the situation who will need secure, reliable comms. They will include those with internal roles such as project managers, risk and incident managers, as well as employees with external roles such as customer relationship managers, public relations, legal counsel and lawyers. The last thing you should do is use the very platform that has just been compromised, i.e. your corporate network, if indeed you can.
Don’t rely on a compromised system
In layman’s terms, if your email has been hacked, sending an email to your friends asking for help is nonsensical – your email alerts the hackers to the fact you’ve detected their presence. And, you can’t tell if any of the responses are genuinely from your friends or from the hackers messing with you.
It is very common when hackers have compromised a system for them to watch carefully for the responses from any IT resources that are tasked with countering their attack. Typically this includes watching and subverting any communications channels that IT may be using. It’s not unusual for hackers to send spoof messages to try and assess just how well the IT team understands the nature of the attack, to capture new passwords or other changes to security, and prevent key messages from being delivered.
During the initial investigation phase of a cyber attack it is difficult to know what systems have been compromised, so it is best not to rely on any of them, if possible.
Secure your emergency communications for key staff
By protecting the communications of the IT and digital forensics team, as well as other key senior members of staff, you are blocking a very useful source of information from being intercepted or modified by the hackers. In addition, by using a secure communications platform, such as Armour Mobile, and having the secure comms hosted by a third party, you are further isolating the senior management and IT team’s comms from the potentially compromised systems that they are trying to recover.
Armour Mobile, which is approved by NCSC and NATO, can be up and running in minutes
For third party ‘blue teams’ brought in to handle such hacking situations it makes perfect sense for them to bring their own secure comms solution with them – and this is a question that you should be asking any would-be supplier when tendering for such services.
Armour works with a number of organisations that can provide specialist technical consultancy and cyber advisory services, from penetration testing and assurance, to incident management and response, and technical security research.
Contact us today for more information about protecting your emergency and sensitive communications and building operational resilience: firstname.lastname@example.org