Using Out-of-Band Communication to Bolster Incident Response

Preventing security incidents is an admirable goal, but detection and response are often the reality. The number of cyberattacks per week on corporate networks increased 50 percent in 2021 compared to 2020. Motivated threat actors will find a way in; the damage they cause depends on your level of preparation.

The average total cost of a data breach for companies with an IR team that also tested an IR plan using tabletop exercises or simulations was $3.25M, compared to $5.71M for companies with neither an IR team nor tests of the IR plan.

– IBM Security & Ponemon Institute, Cost of a Data Breach Report 2021

Effectively coordinating activities and resources under the intense pressure of an attack requires careful planning and the right tools.

Communication is Key

Responding to incidents requires close cooperation between the incident response (IR) team and a variety of internal and external stakeholders. While the majority of organizations have detailed IR plans in place, many overlook the importance of identifying and testing secure collaboration tools prior to an incident.

It is important to remember that in the event of a network compromise, unauthorized parties are likely to be monitoring—and attempting to counteract—your efforts. Encrypted, out-of-band communications can protect your IR activities from prying eyes.

Establishing Out-of-Band Communication

Out-of-band communications take place outside your normal systems, allowing users to communicate securely and privately, even on a compromised network.

The most common types of secure out-of-band communications include:

  • Restricted-access text, voice, or video messaging service secured with end-to-end encryption, such as that offered by Wickr
  • Non-company email accounts with multi-factor authentication (MFA); not official corporate email accounts that may have been compromised
  • Encrypted file-sharing platform, secured with MFA, outside of your normal file sharing solution

Don’t wait for an incident to test your out-of-band communications. Determine which methods make the most sense for your organization; they should bypass your normal corporate network, have advanced security features, and be relatively easy for your staff to learn.

As part of your IR plan, run regular drills to ensure stakeholders know which communication methods to use, how to use them, and that everything runs smoothly.

Plan in advance by adhering to the following best practices.

Use Alternative Communication Devices

When communicating after an incident, even with out-of-band methods, it’s important to remember that any devices that were connected to your corporate network may be compromised. To coordinate IR efforts, use computers, phones, and other devices that are dedicated solely to incident response and completely isolated from your network. Do not use personal devices, as they may also be compromised.

Establish Alternative Collaboration Channels

It’s possible for your entire corporate network to be compromised during a data incident. Therefore, you should communicate your IR plan outside of your network. To do so, establish an alternative collaboration channel with enhanced security features that does not connect to your normal network, such as that offered by Wickr. This should be an internet-based solution so that stakeholders both inside and outside your main offices can connect, although ideally not through home networks or public Wi-Fi hotspots.

Restrict Access

Unlike during normal day-to-day operations, when all employees can communicate with each other, communications during a data incident need to be limited to a select few individuals. To enhance in-event security, lock out employees who aren’t absolutely necessary to the incident response. Establish ahead of time who needs to be part of your incident response team and temporarily block communications for everyone else.

Determine Communication Protocols During the Event

Determine ahead of time not just how your IR team will communicate, but what they will communicate during an event. You don’t want team members to inadvertently reveal crucial information that could benefit threat actors. Instead, keep communications short and sweet, and make sure every team member knows their role.

Make Wickr Part of Your Out-of-Band Communication Incident Response

Your incident response team needs to be able to communicate with enhanced security before, during, and after an event. The most effective way to do this is via out-of-band communications. Wickr’s secure communications and collaboration platform employs end-to-end encryption (E2EE) and other military-grade security to help your organization protect its text, voice, and video communications, along with shared data files, even if a security incident impacts your systems. It’s an effective way for your organization to safely initiate and execute its IR plan.

Contact us today to learn more about incorporating Wickr as part of your organization’s incident response plan.