Out-of-Band Secure Communications are vital for Incident Management

The on-going cyber-attacks at high profile retailers are a timely reminder that all organisations should carefully consider how they would communicate when their day-to-day systems are compromised. Minister for Intergovernmental Relations and Chancellor of the Duchy of Lancaster, Pat McFadden, stated at CyberUK in his keynote speech that “companies must treat cyber security as an absolute priority”. Having an Out-of-Band secure communications system is vital for corporate cyber resilience and incident management, and ensures that organisations can respond quickly and effectively to a cyber-attack, taking control of the situation early.

As the National Cyber Security Centre (NCSC) so succinctly puts it:

“During a cyber incident, your usual communications channels may not be available. You may need to establish alternative ways to keep in touch with staff, stakeholders and customers, using phone lines, messaging apps or social media platforms” – NCSC

The point that organisations cannot rely on mass-adoption apps has been demonstrated all too well in recent weeks, with reports from the BBC that “anonymous hackers showed the BBC screenshots of the first extortion message they sent to Co-op’s head of cyber security in an internal Microsoft Teams chat on 25 April”.

If hackers get inside corporate systems, they can not only send messages that appear to be from legitimate users and participate in internal chat and conference systems, but also listen in to conversations between security teams and management about incident response and recovery. That lets them cause even more chaos by anticipating and circumventing your countermeasures. The only solution is to use an independent, out-of-band, secure communications solution that doesn’t rely on the organisation’s everyday technology.

And it’s not like we haven’t been warned. Earlier this year UK intelligence and security organisations raised threat levels. The National Protective Security Authority (NPSA) updated its threat picture and issued guidance on how to counter the risk of sabotage to UK interests and national security. At about the same time, NCSC issued guidance on effective communications in a cyber incident.

Prepare with incident management and response

One way that organisations can protect themselves is to prepare for the threats posed by cyber-attacks by creating robust incident management and response policies and processes that are set up and (most importantly) tested in advance.

Secure communication with key stakeholders, including external suppliers, is one area that many organisations overlook in the panic to deal with a serious incident. Indeed, it is one of the first points that NCSC makes in its guidance document for effective communications in a cyber incident (referred to above), which goes on to state that “…effective communication to staff, stakeholders, customers and the media is crucial for shaping how an organisation is perceived.”

Both NIST and the Digital Operational Resilience Act (DORA) suggest that incident response groups, with key contacts and structures, be pre-defined and set up before an incident occurs, so that communications can begin immediately on the secure channel.

Our previous blog, “In the midst of a cyber attack, who you gonna call? And how?”, explains the challenges in more detail.

How do current systems stack up?

Mass-adoption desktop platforms that include messaging and collaboration tools are often the basis for an entire enterprise technology infrastructure with many critical dependencies. For example, if your main systems were attacked so that your Active Directory or Identity and Access Management systems are compromised, how would the business operate? What would be the ramifications for your employees trying to do their jobs and communicate with colleagues? Could they trust that the emails, chats and even conference calls they receive have not been compromised?

Ensuring you have the right infrastructure components for effective incident management and response is key.

Back-up communications channels

For all organisations it is crucial to have a back-up communications channel (often referred to as out-of-band) that can be used to marshal a response to any attack or major incident, and to organise recovery processes.

A standalone secure communications platform, hosted independently or in-house, that is as engaging and easy to use as a consumer-grade app can ensure that employees have a solution that keeps data secure, while providing the capability to communicate effectively. Such platforms deliver:

  • Data protection using UK Government and NATO approved tools, Secure by Design/Secure by Default
  • One easy-to-implement solution that enables multi-domain integration of communications amongst trusted third parties and stakeholders
  • Instant, remote and mobile secure collaboration

What is an ‘out-of-band’ communications channel?

An out-of-band communications channel is one that does not rely on the standard enterprise infrastructure: it is a system that can operate completely on its own as a standalone solution, i.e. it doesn’t rely on email, Microsoft Office/365, or other mainstream systems. An out-of-band communications platform can work when other systems are compromised, and its standalone nature protects it from the attackers.

How Armour can help

Armour provides a single platform for communicating securely even on personal/BYOD devices, keeping control of the data without the requirement for an MDM. It enables secure calls (audio and video), video conferencing, and secure instant messaging with document exchange, using personal, off-the-shelf smartphones and desktops. This allows trusted colleagues to share and discuss sensitive information, protected from eavesdroppers, even in the event of a cyber attack.

Armour can also provide a genuinely secure archive/audit capability, as required by regulated industries and public sector bodies where a record of material conversations and communications is a legal imperative, and may be required for Freedom of Information (FOIA) responses. In addition, recording the incident response can be invaluable for internal review, for criminal proceedings against the hackers, and for refining an organisation’s future response to incidents to further improve incident management processes.

Control users – be sure who is on the call

Users/call groups are centrally managed, and people can only join and use the app by invitation. Identity-based authentication (using NCSC’s MIKEY-SAKKE protocol) means that users can be confident when using the platform that they are communicating with who they think they are. Armour addresses the issue of identity-spoofing and ghost-callers, which is particularly useful when video conferencing.

Armour can be deployed as a cloud or on-premises installation, which preserves data sovereignty by giving full control as to where data resides, as well as providing the independence from third party solutions required to provide an ‘out-of-band’ emergency communications channel.

And, of course, Armour can also be deployed for day-to-day, sensitive communications (with built-in audit compliance), if your business needs to protect its C-suite users, frequent overseas travellers, commercial negotiations, strategic discussions, etc.

Secure Communications Buyer’s Guide

For more comprehensive information about what you should be looking for in an ‘out-of-band’ secure communications platform to support your Incident Management and Response capabilities, download our Buyer’s Guide: https://www.armourcomms.com/2023/06/29/securing-communications-channels-a-buyers-guide/
