Lessons From a Teenage Hacker: Establish Secure Communication Before You’re Breached
Just two days after discovering a teenage hacker breached Uber, the company revealed something about the incident that every organization needs to be aware of: Your communication tools may be compromised during a cyberattack.
Uber explains what the attacker did after getting a foothold in the network:
“From there, the attacker accessed several other employee accounts which ultimately gave the attacker elevated permissions to a number of tools, including G-Suite and Slack. The attacker then posted a message to a company-wide Slack channel…”
In this case, the threat actor announced their presence. But in many cases, they do not. Instead, they may secretly monitor incident response — and executive reaction — to the attack.
Communications During a Data Breach
The BlackBerry Incident Response Team says a mistake too many organizations make following a data breach is assuming that typical comms channels, like Slack or email, are secure.
Communications about security incidents — whether from the security team or the public relations team — are typically confidential and sensitive. The last thing you can afford to do is share your response with the attackers themselves. But our team sees this scenario happen time and again.
Daily communication platforms like Teams and Slack aren’t designed for use during a crisis or critical event — and might become untrustworthy — as demonstrated by a growing number of attacks.
Backup communication systems are becoming as important as backing up data. Because during an incident, communication is critical.
Mitigate Risk With an External Communication Platform
This reaffirms the need for robust business continuity plans and defined actions including reliable communications tools that can be trusted when a crisis strikes. Planning ahead for these “out of band” communications is crucial. Such a system enables employees and organizations to communicate uninterrupted when their internal systems are down or compromised.
An increasing number of organizations are making an external communications tool part of their business continuity plan.
Here are 4 key things to consider when evaluating such a tool:
- Encryption is a must. Make sure the platform encrypts all messages
- What is the capacity to deliver in a large event? Can the tool deliver when many customers are also dealing with the same event?
- Can the offering ingest multiple feeds from various sources such as weather, fire, and law enforcement?
- What is their reputation for customer support?
Implementing a reliable crisis communications solution can help your organization navigate every type of incident. BlackBerry® AtHoc® is hosted off-premises and independent from the organization’s internal IT infrastructure. AtHoc keeps your communications functioning during a crisis and is integrated with FEMA’s Integrated Public Alert & Warning System (IPAWS) and Canada’s National Public Alerting System (NAAD).