Incident Response Communications: Are Your Normal Channels Secure?
Does your business continuity plan (BCP) include how you will communicate during a cyberattack, when your regular communication channels may be compromised?
It’s a question worth asking right now, to protect your organization.
“Secure and reliable communication is often a critical missing element of cyber incident response that creates costly uncertainty and delays,” says BlackBerry Cybersecurity Business Unit President John Giamatteo.
Fortunately, BlackBerry now offers a first-of-its-kind integration that can help.
Cyberattack Aftermath: Question Normal Communication Channels
The BlackBerry Incident Response (IR) team recently compiled their top tips, based on a combined 100-plus years of IR experience. In their series, 13 Deadly Sins of APT Incident Response, they explained a frequent mistake that compromised organizations make when dealing with a cyberattack: They continue to trust their everyday collaboration and communications tools.
“Communications about security incidents are often highly confidential and sensitive. The last thing you can afford to do is accidentally share your response plans with the attackers themselves. Sometimes an incident might be linked to an insider threat, or the attacker has access to internal email or online collaboration tools such as Slack.
“Also, on multiple occasions, our incident response team witnessed administrators using cleartext email to send credentials and other sensitive information during an incident. APT actors often have full control over email servers and have performed network surveillance to extract credentials from cleartext traffic. In one case we saw the threat actor reuse credentials created for the incident response teams’ recovery actions.”
— The Sixth Deadly Sin of Incident Response
This is precisely why the team recommends organizations ensure they have access to an out-of-band, encrypted, and trusted means of communication for the teams and individuals handling the incident.
And a new integration can help.
BlackBerry Integrates MDR and Critical Communications Platforms
BlackBerry has announced a new integration that combines the award-winning MDR (managed detection and response) protection of CylanceGUARD® with secure CEM (critical event management) capabilities powered by BlackBerry® AtHoc®.
In the event of a cyberattack, organizations that select a CylanceGUARD subscription with AtHoc features will benefit from secure, multi-channel internal and stakeholder communications for incident response actions, with the ability to alert, communicate and collaborate from within the CylanceGUARD platform — even when the usual communications infrastructure is compromised or unavailable.
“If email and chat services are down or can’t be trusted, how would organizations mobilize the right people to act, and provide guidance across the company as the situation unfolds?” asks Giamatteo.
“We’re the only cybersecurity company with our own multi-channel emergency communication capability. Our industry-first integrated solution provides assured situational awareness and dramatically improves organizations’ ability to respond when – not if – a cyber incident strikes.”
BlackBerry AtHoc is an interoperable CEM system that is trusted by organizations and used by over 75% of U.S. federal government employees for crisis communications and incident response. Users can quickly activate incident response plans for impacting situations, capture real-time information, and rapidly deploy secure communication to specified groups.
For organizations with limited IT resources that typically select CylanceGUARD protection, the opportunity to upgrade to a CylanceGUARD subscription with AtHoc features takes benefits previously available only to large, well-resourced entities and makes them available to defenders of every size and scale.
Updating Continuity Plans for Cyberattack Communications
However you approach the challenge, having the right plans and tooling for communicating during a cyberattack could save you time, money — and further damage — during incident response.