
Communicating in the midst of a cyber attack


Ransomware attacks continue to dominate news headlines, with attacks on the US Colonial Pipeline, JBS (the world’s biggest meat supplier) and the IT company Kaseya all occurring within mere weeks of each other.

Ransomware attacks have been happening for years, but the recent epidemic has triggered international action. G7 members are calling for countries to hold cyber criminals to account within their borders. Similarly, NATO sent out a statement reaffirming the idea that “malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack."

Cyber-attacks show no signs of slowing down. While there is a wealth of security tools available to prevent or combat attacks, communication is often overlooked. There are surprisingly few collaboration and messaging tools that are secure and resilient enough to keep cybersecurity teams communicating while they deal with an attack.

Mayday, mayday… Come in, team?

Security teams are at their most vulnerable when a cyberattack strikes: they need to coordinate quickly - both within the team and with the rest of the organization - but they cannot be 100 percent sure which systems are compromised until the investigation is complete.

Coordinating over email is of course out of the question. Even if it is still operational, it is too slow for security teams to collaborate in real time, and it is not encrypted. Encrypted email, such as PGP, is barely deployed, equally asynchronous, and not user-friendly enough for general use.

Chat platforms such as Signal have end-to-end encryption by default and are popular amongst security teams. But these consumer-grade platforms rely on everyone registering with their own phone number and lack basic enterprise requirements such as auditing, Single Sign-On and integration with enterprise systems. They also offer no way to verify that users really are who they claim to be. Traditional messaging apps also lack interoperability with other communication platforms, meaning every team member fighting the fire needs to be on the same platform - a logistical nightmare in the midst of a cyber attack if some members cannot be reached quickly.

Enterprise collaboration platforms such as Microsoft Teams, and particularly Slack, are usually the default for cybersecurity teams, but both lack end-to-end encryption, a fundamental requirement for secure communication, and both are at risk of being impacted by the attack itself.

These widely adopted, centralized collaboration tools create a vulnerable honeypot of information that is highly attractive to cybercriminals. They are also attack vectors in their own right: a way to instigate an attack, as demonstrated by the Slack-centered attack on EA, or a way to monitor an organization’s response in order to steer the attack further.

And given that these centralized platforms are prone to unplanned global outages, who is to say a sophisticated group would not deliberately take down a collaboration service to cause extra confusion and stifle response times?

Closing off cybercriminals while keeping communication open

Cybersecurity teams need secure real-time communication that can be relied upon both in normal circumstances and in the face of an attack. End-to-end encryption is essential to protect conversations, and security teams need to ensure that all chat participants can be trusted.

Security teams should ensure their communication channels support verification, so that participants can authenticate each other’s devices and confirm members’ identities, preventing messages from ending up in the wrong hands.

This trust also extends to where data is stored. While on-premise hosting is generally regarded as preferable, it is at risk of being impacted by the same attack. A traditional SaaS-based solution is a single point of failure and usually is not end-to-end encrypted, giving the provider access to confidential discussions.

So for the majority of organizations, the most secure option is a hosted solution based on a decentralized stack, as it allows for a standalone deployment, a separate network and, most often, end-to-end encryption.

Strength in depth

Platform resilience is also key. If an attack takes down an organization’s network, any communications solution running on it goes down too. Cybersecurity - and other mission-critical operations - either has to run separately, or has to have a separate backup solution in place.

Most mission-critical systems have an automatic fail-safe. Yet communication - the cornerstone of coordination and decision-making - is rarely protected by a backup. Should the primary collaboration system be rendered unusable, there needs to be a completely separate, though ideally synced, alternative available. A fallback of scrambling around in Signal - with key people doubtless out of the group and zero auditing in place - is simply negligent.

Such out-of-band communication must be a consideration for all teams across the organization. Indeed, a dual out-of-band system could allow cybersecurity teams, and other mission-critical parts of the business, to use encrypted collaboration as their default. That same system can then be made available as a scalable backup for the rest of the company.

An additional line of defense comes from rejecting the conventional centralized approach in favor of a decentralized platform that brings with it internet-style resilience. There is no single point for an attack to target, which makes the platform far more robust and ensures the cybersecurity team can keep communicating securely in the midst of an attack.

The new, more secure, normal

After 18 months of remote working, and many workforces now adopting hybrid working, it’s clear that real-time communication needs to be more secure and more reliable.

The ability to jump straight into an encrypted video or voice call, group chat or 1:1 conversation to share data quickly is paramount to keeping not just security teams productive and agile, but the whole organization.

Doubtless a cybersecurity team would prefer the whole company to use an encrypted collaboration platform by default. In reality, the chances are that the majority of the organization is using ‘good enough’ Microsoft Teams purely because it is bundled with Microsoft 365.

The cybersecurity function should opt for a secure collaboration platform that interoperates with the likes of Microsoft Teams and Slack. This gives the cybersecurity team a secure and seamless out-of-band communication platform, rather than having to jump into a different platform whenever it communicates with people in other departments.

If cybersecurity’s out-of-band platform integrates with the organization’s primary system, it can also act as an automated backup for the whole company should Microsoft Teams or Slack suffer a global outage.

Organizations need to assess collaboration products and services that help them achieve the right balance of security, functionality, and internal and external connectivity. Choosing a decentralized solution, so that data stays in the company’s direct ownership, should be a no-brainer alongside end-to-end encryption. A secure but open network is an added bonus that helps cybersecurity experts - inside and outside an organization - talk in confidence, with confidence.

Amandine Le Pape, Co-founder and Chief Operating Officer, Element

Amandine Le Pape is the Co-founder and Chief Operating Officer of the secure messaging app Element. Amandine is an engineer who previously set up and led product management for the Unified Communications line of business within the global communications company Amdocs, and she has more than 10 years of experience in mobile services and telecommunications.